Second factor

These are all methods on the SignIn class that allow you to handle the second factor of a multi-factor authentication flow.

`prepareSecondFactor()`

Begins the second factor verification process. This step is optional in order to complete a sign in.

A common scenario for the second step verification (2FA) is to require a one-time code (OTP) as proof of identity. This is determined by the accepted strategy parameter values. Each authentication identifier supports different strategies.

While the phone_code strategy requires preparation, the totp strategy does not - the user can directly attempt the second factor verification in that case.


function prepareSecondFactor(params: PrepareSecondFactorParams): Promise<SignIn>;

`PrepareSecondFactorParams`

Name	Type	Description
`strategy`	`'phone_code' \| 'totp'`	The strategy to be used for second factor verification. Possible `strategy` values are currently: `phone_code`: User will receive a one-time authentication code in their phone, via SMS. At least one phone number should be on file for the user.

`prepareSecondFactor()` returns

Type	Description
`Promise<SignIn>`	A `Promise` which resolves with a `SignIn` object. Check the `secondFactorVerification` attribute for the status of the second factor verification process.

`attemptSecondFactor()`

Attempts to complete the second factor verification process (2FA). This step is optional in order to complete a sign in.

For the phone_code strategy, make sure that a verification has already been prepared before you call this method, by first calling SignIn.prepareSecondFactor. Depending on the strategy that was selected when the verification was prepared, the method parameters should be different.

The totp strategy can directly be attempted, without the need for preparation.


function attemptSecondFactor(params: AttemptSecondFactorParams): Promise<SignIn>;

`AttemptSecondFactorParams`

Name	Type	Description
`strategy`	`'phone_code' \| 'totp'`	The strategy to be used for second factor verification. Possible `strategy` values are `phone_code`: User will receive a one-time authentication code in their phone, via SMS. At least one phone number should be on file for the user. `totp`: User must provide a 6-digit TOTP code generated by their authenticator app. The user will need to have created a TOTP secret beforehand so as to register it on their authentictor app via QR code, URI or even entering the secret itself.
`code`	`string`	For the `phone_code` strategy: The one-time code that was sent to the user as part of the prepareSecondFactor step. For the `totp` strategy: The TOTP generated by the user's authenticator app.

`attemptSecondFactor()` returns

Type	Description
`Promise<SignIn>`	This method returns a `Promise` which resolves with a `SignIn` object. Check the `secondFactorVerification` attribute for the status of the second factor verification process.

Last updated on January 8, 2024

prepareSecondFactor()

PrepareSecondFactorParams

prepareSecondFactor() returns

attemptSecondFactor()

AttemptSecondFactorParams