luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/mfa/validate.mdx

83 lines
2.2 KiB
Plaintext
Raw Normal View History

Login MFA docs (#14317) * MFA config docs * correcting some issues * feedback * add a note about deleting methods * Login MFA docs * rename and mdx * adding missing docs nav data * some fixes * interactive login request * Apply suggestions from code review Co-authored-by: Josh Black <raskchanky@users.noreply.github.com> * feedback * feedback * Apply suggestions from code review Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com> * feedback on mount accessor * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com> * Update login-mfa.mdx Co-authored-by: Josh Black <raskchanky@gmail.com> Co-authored-by: Josh Black <raskchanky@users.noreply.github.com> Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com> Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-07 21:26:00 +00:00
---
layout: api
page_title: /sys/mfa/validate - HTTP API
description: >-
The '/sys/mfa/validate' endpoint focuses on validating login MFA requests.
If validation succeeds, it returns an auth response which includes a client token.
---
## Validate Login MFA Request
This endpoint validates a login request which is subject to MFA validation.
| Method | Path |
| :----- | :------------------ |
| `POST` | `/sys/mfa/validate` |
### Parameters
- `mfa_request_id` `(string: <required>)` A unique identification of an MFA restricted login request.
This can be found in the MFA requirement included in the auth response of the login request.
- `mfa_payload` `(map<string|[]string>: <required>)` - A map of login MFA methodIDs to passcode credentials.
MFA methodIDs are UUID strings which are used as keys of the map. The values of the map are
string slices. In cases where an MFA method is configured not to use passcodes, the passcode remains an empty string.
### Sample Payload
```json
{
"mfa_request_id": "5879c74a-1418-1948-7be9-97b209d693a7",
"mfa_payload": {
"d16fd3c2-50de-0b9b-eed3-0301dadeca10": ["910201"]
}
}
```
### Sample Request
```shell-session
$ curl \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/mfa/validate
```
### Sample Response
In cases where MFA validation fails, a 403 status code is returned with
the details about the error.
If MFA validation succeeds, the response is identical to a successful
login request which contains a client token and its accessor.
```json
{
"request_id": "7e7dec1d-311a-ecbd-4dd0-ff12a5e38959",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": null,
"warnings": null,
"auth": {
"client_token": "hvs.CAESIKZJNqQbG9E9cQGPXh68NWxi3xp7yPa1Z1RWv1P9UyHVGh4KHGh2cy5GUmYzTzdJOWhIZGFNSm5jdTBsSVNFSTk",
"accessor": "3fBgbEmHyA5IWABmVEjqManI",
"policies": [
"default"
],
"token_policies": [
"default"
],
"identity_policies": null,
"metadata": {
"username": "alice"
},
"orphan": true,
"entity_id": "caeac75b-dbfe-58be-e3fc-957549b7292e",
"lease_duration": 2764800,
"renewable": true,
"mfa_requirement": null
}
}
```
Reference in a new issue Copy permalink