Interface GoTrueMFAApi

Contains the full multi-factor authentication API.

Hierarchy

  • GoTrueMFAApi

Properties

webauthn: WebAuthnApi

Methods

  • Prepares a challenge used to verify that a user has access to a MFA factor.

    Parameters

    • params: {
          factorId: string;
      }
      • factorId: string

        ID of the factor to be challenged. Returned in enroll().

    Returns Promise<{
        data: null;
        error: AuthError;
    } | {
        data: { id: string; type: "totp"; expires_at: number; };
        error: null;
    }>

  • Parameters

    • params: {
          channel: "sms" | "whatsapp";
          factorId: string;
      }
      • channel: "sms" | "whatsapp"

        Messaging channel to use (e.g. whatsapp or sms). Only relevant for phone factors

      • factorId: string

        ID of the factor to be challenged. Returned in enroll().

    Returns Promise<{
        data: null;
        error: AuthError;
    } | {
        data: { id: string; type: "phone"; expires_at: number; };
        error: null;
    }>

  • Parameters

    • params: {
          factorId: string;
          webauthn: {
              rpId: string;
              rpOrigins?: string[];
          };
      }
      • factorId: string

        ID of the factor to be challenged. Returned in enroll().

      • webauthn: {
            rpId: string;
            rpOrigins?: string[];
        }
        • rpId: string

          Relying party ID

        • Optional rpOrigins?: string[]

          Relying party origins

    Returns Promise<{
        data: null;
        error: AuthError;
    } | {
        data: { id: string; type: "webauthn"; expires_at: number; webauthn: { type: "create"; credential_options: { publicKey: PublicKeyCredentialCreationOptionsFuture; }; } | { ...; }; };
        error: null;
    }>

  • Parameters

    Returns Promise<AuthMFAChallengeResponse>

  • Helper method which creates a challenge and immediately uses the given code to verify against it thereafter. The verification code is provided by the user by entering a code seen in their authenticator app.

    Parameters

    • params: {
          code: string;
          factorId: string;
      }
      • code: string

        Verification code provided by the user.

      • factorId: string

        ID of the factor being verified. Returned in enroll().

    Returns Promise<AuthMFAVerifyResponse>

  • Starts the enrollment process for a new Multi-Factor Authentication (MFA) factor. This method creates a new unverified factor. To verify a factor, present the QR code or secret to the user and ask them to add it to their authenticator app. The user has to enter the code from their authenticator app to verify it.

    Upon verifying a factor, all other sessions are logged out and the current session's authenticator level is promoted to aal2.

    Parameters

    • params: {
          factorType: "totp";
          friendlyName?: string;
          issuer?: string;
      }
      • factorType: "totp"

        The type of factor being enrolled.

      • Optional friendlyName?: string

        Human readable name assigned to the factor.

      • Optional issuer?: string

        Domain which the user is enrolled with.

    Returns Promise<AuthMFAEnrollTOTPResponse>

  • Parameters

    • params: {
          factorType: "phone";
          friendlyName?: string;
          phone: string;
      }
      • factorType: "phone"

        The type of factor being enrolled.

      • Optional friendlyName?: string

        Human readable name assigned to the factor.

      • phone: string

        Phone number associated with a factor. Number should conform to E.164 format

    Returns Promise<AuthMFAEnrollPhoneResponse>

  • Parameters

    • params: {
          factorType: "webauthn";
          friendlyName?: string;
      }
      • factorType: "webauthn"

        The type of factor being enrolled.

      • Optional friendlyName?: string

        Human readable name assigned to the factor.

    Returns Promise<AuthMFAEnrollWebauthnResponse>

  • Parameters

    Returns Promise<AuthMFAEnrollResponse>

  • Returns the Authenticator Assurance Level (AAL) for the active session.

    • aal1 (or null) means that the user's identity has been verified only with a conventional login (email+password, OTP, magic link, social login, etc.).
    • aal2 means that the user's identity has been verified both with a conventional login and at least one MFA factor.

    Although this method returns a promise, it's fairly quick (microseconds) and rarely uses the network. You can use this to check whether the current user needs to be shown a screen to verify their MFA factors.

    Returns Promise<AuthMFAGetAuthenticatorAssuranceLevelResponse>

  • Verifies a code against a challenge. The verification code is provided by the user by entering a code seen in their authenticator app.

    Parameters

    • params: {
          challengeId: string;
          code: string;
          factorId: string;
      }
      • challengeId: string

        ID of the challenge being verified. Returned in challenge().

      • code: string

        Verification code provided by the user.

      • factorId: string

        ID of the factor being verified. Returned in enroll().

    Returns Promise<AuthMFAVerifyResponse>

  • Parameters

    • params: {
          challengeId: string;
          code: string;
          factorId: string;
      }
      • challengeId: string

        ID of the challenge being verified. Returned in challenge().

      • code: string

        Verification code provided by the user.

      • factorId: string

        ID of the factor being verified. Returned in enroll().

    Returns Promise<AuthMFAVerifyResponse>

  • Parameters

    • params: {
          challengeId: string;
          factorId: string;
          webauthn: MFAVerifyWebauthnParamFieldsBase & MFAVerifyWebauthnCredentialParamFields<"create" | "request">;
      }
      • challengeId: string

        ID of the challenge being verified. Returned in challenge().

      • factorId: string

        ID of the factor being verified. Returned in enroll().

      • webauthn: MFAVerifyWebauthnParamFieldsBase & MFAVerifyWebauthnCredentialParamFields<"create" | "request">

    Returns Promise<AuthMFAVerifyResponse>

  • Parameters

    Returns Promise<AuthMFAVerifyResponse>

Generated using TypeDoc