Multi-Factor Authentication API Endpoints
Handles TOTP setup, verification, backup codes, and MFA management.
Storage keys
- mfa_pending_secret:{user_id} — base32 TOTP secret, TTL 10 min (before verification)
- mfa_pending_backup_codes:{user_id} — JSON array of hex-encoded SHA-256 hashes, TTL 10 min
- mfa_secret:{user_id} — active base32 TOTP secret (no TTL)
- mfa_backup_codes:{user_id} — JSON array of hex-encoded SHA-256 hashes (no TTL)
- mfa_enabled:{user_id} — b"true" when MFA is active (no TTL)
Structs
- BackupCodeVerifyRequest - POST /mfa/verify-backup-code — authenticate with a one-time backup code.
- MfaDisableRequest - Request payload to disable MFA (requires proof of identity).
- MfaSetupResponse - Response returned after initiating MFA setup.
- MfaStatusResponse - Current MFA enrollment status for the authenticated user.
- MfaVerifyRequest - Request payload for the TOTP verification step.
Functions
- check_user_mfa_status - Returns true if MFA is currently active for user_id.
- disable_mfa - POST /mfa/disable — remove MFA from the authenticated account.
- get_mfa_status - GET /mfa/status — query the current MFA enrollment state.
- regenerate_backup_codes - POST /mfa/regenerate-backup-codes — replace all backup codes.
- setup_mfa - POST /mfa/setup — initiate MFA enrollment.
- verify_backup_code - Handler for POST /mfa/verify-backup-code.
- verify_mfa - POST /mfa/verify — complete MFA enrollment.