Time-based one-time password (TOTP)
Methods
createTOTP()
function createTOTP(): Promise<TOTPResource>;
Generates a TOTP secret for a user that can be used to register the application on the user's authenticator app of choice. Note that if this method is called again (while still unverified), it replaces the previously generated secret.
Returns
| Type | Description |
|---|---|
Promise<TOTPResource> | The newly created TOTP object. |
verifyTOTP()
function verifyTOTP(params: VerifyTOTPParams): Promise<TOTPResource>;
Verifies a TOTP secret after a user has created it. The user must provide a code from their authenticator app, that has been generated using the previously created secret. This way, correct set up and ownership of the authenticator app can be validated.
VerifyTOTPParams
| Name | Type | Description |
|---|---|---|
code | string | A 6 digit TOTP generated from the user's authenticator app. |
Returns
| Type | Description |
|---|---|
Promise<TOTPResource> | The newly verified TOTP object. |
disableTOTP()
function disableTOTP(): Promise<DeletedObject>;
Disables TOTP by deleting the user's TOTP secret.
Returns
| Type | Description |
|---|---|
Promise<DeletedObject> | The reference to the deleted TOTP object. |
createBackupCode()
function createBackupCode(): Promise<BackupCodeResource>;
Generates a fresh new set of backup codes for the user. Note that if this method is called again, it replaces the previously generated codes.
Returns
| Type | Description |
|---|---|
Promise<BackupCodeResource> | The newly created backup code. |
Types
TOTPResource
| Name | Type | Description |
|---|---|---|
id | string | A unique identifier for this TOTP secret |
secret? | string | The generated TOTP secret. Note: this is only returned to the client upon creation and cannot be retrieved afterwards. |
uri? | string | A complete TOTP configuration URI including the Issuer, Account, etc that can be pasted to an authenticator app or encoded to a QR code and scanned for convenience. Just like the secret, the URI is exposed to the client only upon creation and cannot be retrieved afterwards. |
verified | boolean | Whether this TOTP secret has been verified by the user by providing one code generated with it. TOTP is not enabled on the user unless they have a verified secret. |
backupCodes? | string[] | A set of fresh generated Backup codes. Note that this will be populated if the feature is enabled in your instance and the user doesn't already have backup codes generated. |
createdAt | Date | Creation date of the TOTP secret |
updatedAt | Date | Update timestamp of the TOTP secret |
BackupCodeResource
| Name | Type | Description |
|---|---|---|
id | string | A unique identifier for this TOTP secret |
codes | string[] | The generated set of backup codes |
createdAt | Date | Creation date of the TOTP secret |
updatedAt | Date | Update timestamp of the TOTP secret |