TOTP enrollment and login-challenge completion. Enroll/verify/disable need a bearer; verifyChallenge is public (the challenge token is the credential).
import { GatekeeperCore, MfaService } from '@orkait/sdk';
const mfa = new MfaService(core);Methods#
| Method | Returns | Notes |
|---|---|---|
enroll() | MfaEnrollment | returns secret, qrCodeUri, recoveryCodes |
verifySetup(code) | Message | confirms enrollment with a TOTP code |
disable(code) | Message | requires a current code |
verifyChallenge(challengeToken, code) | AuthTokens | public; completes an MFA login |
Example#
// after AuthService.login returned an MfaChallenge
const tokens = await mfa.verifyChallenge(challenge.challengeToken, '123456');
core.setToken(tokens.accessToken);
// enrollment (authenticated)
const setup = await mfa.enroll(); // show setup.qrCodeUri
await mfa.verifySetup('123456');