verifyMfaPasswordless
client.verifyMfaPasswordless({ params: VerifyMfaPasswordlessParams })
About this command
Verifies the passwordless flow for MFA with the user verification_code
and challenge_id
.
|
Examples
client.verifyMfaPasswordless({
challengeId: 'm3DaoT...7Rzp1m',
verificationCode: '123456'
})
Parameters
The parameters of the passwordless verify authentication.
|
Response
Type: Promise<AuthResult>
AuthResult object fields
Field | Type | Description | ||
---|---|---|---|---|
|
The user’s newly-generated access token. This a security token that gives access to authorized resources without further identification. It is represented as a JSON Web Token (JWT). |
|||
|
The lifetime of the access token (in seconds).
|
|||
|
The type of token that is issued.
|
|||
|
The user’s newly-generated refresh token.
|
|||
|
The user’s newly-generated ID token. This is a security token that contains authentication claims about the user. It is represented as a JSON Web Token (JWT).
|
|||
|
The body of the ID token which outlines the claims. See ID token payload for more details.
|
|||
|
The authorization code received from the initial authorization call. |
|||
|
An opaque value used to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. |
|||
|
The step up token needed to complete the stepup flow. |
|||
|
The Authentication Method Reference (
|
|||
|
The name of the social login provider used to log in.
|
|||
|
The access token from the social login provider.
|
ID token payload
The possible claims to assert about an authenticated user are outlined in the table below.
Field | Type | Description | ||
---|---|---|---|---|
|
The type of authentication used. allowed values:
|
|||
|
The birthdate of the profile, represented as an ISO 8601 |
|||
|
The primary email address of the profile. |
|||
|
True if the user’s e-mail address has been verified; otherwise false. |
|||
|
The expiration time claim identifies the point in time (as a Unix timestamp) on or after which the JWT must not be accepted for processing. Example
|
|||
|
The family name of the profile.
|
|||
|
The given name of the profile.
|
|||
|
The gender of the profile.
|
|||
|
The time (as a Unix timestamp) at which the JWT was issued. Example
|
|||
|
The issuer claim identifies the principal that issued the JWT. |
|||
|
The profile’s language code in lowercase and country code in uppercase, separated by a dash (eg |
|||
|
The full name of the profile. |
|||
|
Whether the profile is new. |
|||
|
The subject claim that identifies the profile. |
|||
|
The URL of one of the user’s profile pictures. This URL refers to an image file (PNG, JPEG, or GIF image file). |
|||
|
The URL of one of the user’s profile pages (usually a social provider’s page). |
|||
|
The time the profile’s information was last updated. |
|||
|
The time when end user authentication occurred. The time represents the first authentication of a given underlying session. This is represented as a Unix timestamp. Example
|
Validate MFA flow
If you are using the verifyMfaPasswordless
method as part of the MFA flow. You can decode the token or use the Introspect token to validate MFA for the user.
See the dedicated MFA guide for more details. |