TOTP Configuration

Introduction

Concept

TOTP is used in our 2FA mechanism.
It must be registered in an external TOTP app via a QR code.

TOTP

Configure TOTP

This initiates a TOTP enrollment to attach a TOTP secret to an identity.

Request

Cookies:
- accesstoken (opaque token) (ACR >= 1): mid claim as the identity id.
- tokentype (optional): must be bearer.

Headers:
- X-CSRF-Token: a token to prevent CSRF attacks.

Path Parameters:
- id (uuid string): the identity unique id.

Response

Code:

JSON Body:
- id: a uuid identifying the enrollment flow
- base64_image: the QR code image encoded in base64

Finish TOTP enrollment

This completes a TOTP enrollment flow.

Request

Cookies:
- accesstoken (opaque token) (ACR >= 1): mid claim as the identity id.
- tokentype (optional): must be bearer.

Headers:
- X-CSRF-Token: a token to prevent CSRF attacks.

Path Parameters:
- id (uuid string): the identity unique id.

JSON Body:
- id: the unique id identifying the enrollment flow
- code: the code returned by the external app when registering via the QR code

Response

Code:

JSON Body:
- recovery_codes: a set of one-time-use codes that can be used instead of the code during the auth flow

Regenerate recovery codes

This allows a user to regenerate their set of recovery codes.
It erases the old set.

Request

Cookies:
- accesstoken (opaque token) (ACR >= 3): mid claim as the identity id.
- tokentype (optional): must be bearer.

Headers:
- X-CSRF-Token: a token to prevent CSRF attacks.

Path Parameters:
- id (uuid string): the identity unique id.

Response

Code:

JSON Body:
- recovery_codes: a set of one-time-use codes that can be used instead of the code during the auth flow
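
The enrollment and recovery-code behaviour described above, sketched server-side as an added example (not code from this project): the submitted code is checked against the pending secret per RFC 6238, and recovery codes are stored as digests, consumed on use, and replaced on regeneration. The class and function names, the HMAC-SHA1 / 6-digit / 30-second parameters, the one-step drift window, and the count and format of the recovery codes are assumptions; the page specifies none of them.

```python
import base64, hashlib, hmac, secrets, struct, time

STEP = 30  # seconds per time step (RFC 6238 default, assumed here)
# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, code, at=None, window=1):
    """Accept the current step and `window` steps either side for clock drift."""
    at = time.time() if at is None else at
    return any(hmac.compare_digest(totp(secret_b32, at + d * STEP).encode(), code.encode())
               for d in range(-window, window + 1))

def digest(code):
    return hashlib.sha256(code.encode()).hexdigest()

class Enrollment:
    """Hypothetical in-memory stand-in for one identity's TOTP state."""
    def __init__(self, secret_b32):
        self.secret_b32 = secret_b32
        self.confirmed = False
        self.recovery_digests = set()

    def regenerate_recovery_codes(self, n=10):
        codes = [secrets.token_hex(10) for _ in range(n)]  # 80 random bits each
        self.recovery_digests = {digest(c) for c in codes}  # replaces the old set
        return codes  # returned once; only the digests are stored

    def finish(self, code, at=None):
        """Confirm enrollment only if the app's code matches the pending secret."""
        if not verify_totp(self.secret_b32, code, at):
            raise ValueError("invalid TOTP code")
        self.confirmed = True
        return self.regenerate_recovery_codes()

    def use_recovery_code(self, code):
        d = digest(code)
        if d not in self.recovery_digests:
            return False
        self.recovery_digests.remove(d)  # one-time use
        return True
```
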

Delete TOTP Secret

This route deletes the unique identity secret.
The identity must not have mfa_method configured to totp.

Request

Cookies:
- accesstoken (opaque token) (ACR >= 2): mid claim as the identity id owning the credential.
- tokentype: must be bearer

Headers:
- X-CSRF-Token: a token to prevent CSRF attacks

Path Parameters:
- id (string) (uuid): The identity id.

Response

Code: