When attempting to enroll passkeys with the MyAccount API, on the https://{auth0_tenant_domain}/me/v1/authentication-methods/{authentication_method_id}/verify request, an Unexpected registration response origin error occurs. This issue occurs when the passkey originates from a domain that does not match the Relying Party Identifier (RP ID) domain or the tenant's custom domain. Adding the application origin domain to the allowed origins in the Auth0 Dashboard resolves an unexpected registration response origin error that occurs when enrolling passkeys using the MyAccount API.

Unexpected registration response origin

• Auth0
• MyAccount API
• Passkey Enrollment

This error can occur if the passkey is created with an origin that does not match either the Relying Party Identifier (RP ID) domain or the tenant's custom domain.

How is the Unexpected registration response origin error resolved?

Navigate to the application settings in the Auth0 Dashboard and configure the Cross-Origin Resource Sharing (CORS) settings to include the application origin URL.

1. In the Auth0 Dashboard, select Applications, and choose Applications.
2. Select the name of the application.
3. Navigate to the Cross-Origin Authentication section and toggle on Allow Cross-Origin Authentication.
4. Locate Allowed Origins (CORS) and enter the application origin URL.
5. Select Save Changes.

Related References

• Configure Cross-Origin Authentication