Multi-Factor Authentication (MFA)
Endpoints
| Endpoint | Description |
|---|---|
| POST /auth/mfa/verify-login | Complete MFA during login without requiring JWT |
Request Body:
```json
{
  "userId": "uuid",
  "code": "123456",
  "rememberDevice": true,
  "deviceInfo": "optional device identifier"
}
```
DTOs
Registration & verification DTOs under apps/idp/src/app/dto/mfa.dto.ts:
- Setup MFA
- Verify MFA
- Disable MFA
- Backup codes
Providers
| Provider | Environment Variables |
|---|---|
| SMS | TWILIO_ACCOUNT_SID, TWILIO_AUTH_TOKEN, TWILIO_VERIFY_SERVICE_SID |
| WhatsApp | WHATSAPP_TOKEN |
Preferences
OTP notifications respect user contact preferences (scope OTP). If the preference lookup itself errors, delivery fails open and the OTP is still sent, so a preferences outage cannot lock users out.
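A sketch of the fail-open rule described above, added here as an example and not taken from this project's code: a lookup error still sends the OTP and is logged, while an explicit opt-out returned by a successful lookup is respected. The function names, the per-channel preference shape and the synchronous lookup are assumptions.

```typescript
// Added example. All names and shapes here are hypothetical, not the project's API.
type Channel = "sms" | "whatsapp";

// Assumed shape of a stored preference for scope "OTP": one flag per channel.
interface OtpPreferences {
  sms: boolean;
  whatsapp: boolean;
}

interface DeliveryDecision {
  send: boolean;
  reason: "allowed" | "opted_out" | "lookup_failed";
}

// Hypothetical lookup; a real one would query a preferences store and be async.
type PreferenceLookup = (userId: string, scope: "OTP") => OtpPreferences;

function decideOtpDelivery(
  userId: string,
  channel: Channel,
  lookup: PreferenceLookup,
  warn: (msg: string) => void = (msg) => console.warn(msg),
): DeliveryDecision {
  try {
    const prefs = lookup(userId, "OTP");
    // A record without a boolean flag for this channel is treated as a failed lookup.
    if (typeof prefs?.[channel] !== "boolean") {
      throw new Error("malformed preference record");
    }
    // A successful lookup is authoritative: an explicit opt-out is respected.
    return prefs[channel]
      ? { send: true, reason: "allowed" }
      : { send: false, reason: "opted_out" };
  } catch (err) {
    // Fail open: a preferences outage must not block the OTP.
    // Log it so the outage is visible to whoever monitors the service.
    const detail = err instanceof Error ? err.message : String(err);
    warn(`OTP preference lookup failed for user ${userId}: ${detail}`);
    return { send: true, reason: "lookup_failed" };
  }
}
```

Keeping `lookup_failed` as a distinct reason lets sends that bypassed the preference check be counted separately from normal sends.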