luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/content/api-docs/system/mfa/validate.mdx
hghaf099 0bf9a38b36
Login MFA docs (#14317) 
* MFA config docs

* correcting some issues

* feedback

* add a note about deleting methods

* Login MFA docs

* rename and mdx

* adding missing docs nav data

* some fixes

* interactive login request

* Apply suggestions from code review

Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>

* feedback

* feedback

* Apply suggestions from code review

Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* feedback on mount accessor

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>

* Update login-mfa.mdx

Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Josh Black <raskchanky@users.noreply.github.com>
Co-authored-by: Pratyoy Mukhopadhyay <35388175+pmmukh@users.noreply.github.com>
Co-authored-by: Loann Le <84412881+taoism4504@users.noreply.github.com>
2022-03-07 16:26:00 -05:00

84 lines
2.2 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/mfa/validate - HTTP API
description: >-
The '/sys/mfa/validate' endpoint focuses on validating login MFA requests.
If validation succeeds, it returns an auth response which includes a client token.
---
## Validate Login MFA Request
This endpoint validates a login request which is subject to MFA validation.
| Method | Path |
| :----- | :------------------ |
| `POST` | `/sys/mfa/validate` |
### Parameters
- `mfa_request_id` `(string: <required>)` A unique identification of an MFA restricted login request.
This can be found in the MFA requirement included in the auth response of the login request.
- `mfa_payload` `(map<string|[]string>: <required>)` - A map of login MFA methodIDs to passcode credentials.
MFA methodIDs are UUID strings which are used as keys of the map. The values of the map are
string slices. In cases where an MFA method is configured not to use passcodes, the passcode remains an empty string.
### Sample Payload
```json
{
"mfa_request_id": "5879c74a-1418-1948-7be9-97b209d693a7",
"mfa_payload": {
"d16fd3c2-50de-0b9b-eed3-0301dadeca10": ["910201"]
}
}
```
### Sample Request
```shell-session
$ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/mfa/validate
```
### Sample Response
In cases where MFA validation fails, a 403 status code is returned with
the details about the error.
If MFA validation succeeds, the response is identical to a successful
login request which contains a client token and its accessor.
```json
{
"request_id": "7e7dec1d-311a-ecbd-4dd0-ff12a5e38959",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": null,
"warnings": null,
"auth": {
"client_token": "hvs.CAESIKZJNqQbG9E9cQGPXh68NWxi3xp7yPa1Z1RWv1P9UyHVGh4KHGh2cy5GUmYzTzdJOWhIZGFNSm5jdTBsSVNFSTk",
"accessor": "3fBgbEmHyA5IWABmVEjqManI",
"policies": [
"default"
],
"token_policies": [
"default"
],
"identity_policies": null,
"metadata": {
"username": "alice"
},
"orphan": true,
"entity_id": "caeac75b-dbfe-58be-e3fc-957549b7292e",
"lease_duration": 2764800,
"renewable": true,
"mfa_requirement": null
}
}
```
Reference in a new issue View git blame Copy permalink