Authenticator App (TOTP)
Overview
Using the Authenticator App (TOTP) APIs enables users to sign in with an authenticator app. First you will need to provision the user with a secret seed - either by signing up a new user, or by updating an existing user.
To sign up a new user, or to update an existing user with an authenticator app, first call the "Sign-Up" or "Add / Update" API endpoint. These endpoints generate and return a seed for the user to configure in the Authenticator App. Once the user has configured the app, the "Sign-In / Verify" endpoint should be used to confirm the TOTP code and complete the setup process.
Once a seed is configured for a user, they can sign in with the code (TOTP) that the Authenticator App generates. Use the "Sign-In / Verify" API endpoint to sign users in with their loginId and the generated code.
Use Cases
- Sign up a new user
- Add or update an authenticator app for an existing user
- Sign in a user
Examples
Example - user sign-up over email
- Trigger the process with the Sign-Up endpoint. This will provide the Authenticator App secret seed (a code, or an image in BASE64 encoding).
- Complete the process by verifying the code with the Sign In / Verify endpoint. When the code is received from the end user, use the Sign In / Verify API to confirm the code. Once confirmed, the process is complete and the user is signed up with the Authenticator App. The Sign In / Verify call will also return the user's Session and Refresh JWT tokens.
Note
This example also applies to the "Add or update an authenticator app for an existing user" use case.
Example - Sign in a user
- Signing in a user is a single-action process with the Authenticator App TOTP code. Call the Sign In / Verify endpoint with the user's loginId and the TOTP code provided by the user to sign the user in. This API endpoint will return a signed-in user, with Session and Refresh JWT tokens,
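To make the sign-up/verify and sign-in flows above concrete, here is an added, self-contained model of what a service does behind the Sign-Up and Sign-In / Verify endpoints: it provisions a seed, checks a submitted code against the seed with a small clock-skew window, marks setup as complete on the first success, and refuses a code that has already been used. This is illustration code, not the product's own implementation; it assumes RFC 6238 defaults (HMAC-SHA1, 30-second steps, 6 digits), which the page does not state, and the issuer name, token values and in-memory store are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Assumed TOTP parameters (RFC 6238 defaults); the page does not state the product's own values.
STEP_SECONDS = 30   # length of one time step
DIGITS = 6          # code length
WINDOW = 1          # accept one step of clock skew on either side of "now"


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key: bytes, at: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(key, at // STEP_SECONDS)


class TotpService:
    """In-memory stand-in for the Sign-Up and Sign-In / Verify endpoints (not the real API)."""

    def __init__(self) -> None:
        self.users: dict = {}   # loginId -> {"seed", "confirmed", "last_counter"}

    def sign_up(self, login_id: str, seed: Optional[bytes] = None) -> dict:
        """Provision a seed (the 'Sign-Up' / 'Add / Update' step) and return what the app needs."""
        seed = seed or secrets.token_bytes(20)
        self.users[login_id] = {"seed": seed, "confirmed": False, "last_counter": -1}
        b32 = base64.b32encode(seed).decode()
        # Hypothetical issuer name; this URI is what a QR image for the app would encode.
        uri = f"otpauth://totp/Example:{login_id}?secret={b32}&issuer=Example&digits={DIGITS}&period={STEP_SECONDS}"
        return {"secret": b32, "uri": uri}

    def sign_in_verify(self, login_id: str, code: str, now: Optional[int] = None) -> Optional[dict]:
        """Check the code: the first success completes setup, later successes sign the user in."""
        user = self.users.get(login_id)
        if user is None:
            return None
        counter = (int(time.time()) if now is None else now) // STEP_SECONDS
        for c in range(counter - WINDOW, counter + WINDOW + 1):
            # Each step is usable once: refuse any step at or before the last accepted one (replay).
            if c > user["last_counter"] and hmac.compare_digest(hotp(user["seed"], c), code):
                user["last_counter"] = c
                user["confirmed"] = True
                # Placeholder tokens; a real service mints signed Session and Refresh JWTs here.
                return {"sessionJwt": secrets.token_urlsafe(32), "refreshJwt": secrets.token_urlsafe(32)}
        return None
```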