
GoTrueMFAApi

import type { GoTrueMFAApi } from "https://esm.sh/@supabase/supabase-js@2.101.0/dist/index.d.mts";

Contains the full multi-factor authentication API.

interface GoTrueMFAApi {
  webauthn: WebAuthnApi;
  challenge(params: MFAChallengeParams): Promise<AuthMFAChallengeResponse>;
  challengeAndVerify(params: MFAChallengeAndVerifyParams): Promise<AuthMFAVerifyResponse>;
  enroll(params: MFAEnrollParams): Promise<AuthMFAEnrollResponse>;
  getAuthenticatorAssuranceLevel(jwt?: string): Promise<AuthMFAGetAuthenticatorAssuranceLevelResponse>;
  listFactors(): Promise<AuthMFAListFactorsResponse>;
  unenroll(params: MFAUnenrollParams): Promise<AuthMFAUnenrollResponse>;
  verify(params: MFAVerifyTOTPParams): Promise<AuthMFAVerifyResponse>;
  verify(params: MFAVerifyPhoneParams): Promise<AuthMFAVerifyResponse>;
  verify(params: MFAVerifyParams): Promise<AuthMFAVerifyResponse>;
}

§Properties

§Methods

§
challenge(params: MFAChallengeParams): Promise<AuthMFAChallengeResponse>

Prepares a challenge used to verify that a user has access to an MFA factor.

@example

Create a challenge for a factor

const { data, error } = await supabase.auth.mfa.challenge({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225'
})
@example

Create a challenge for a phone factor

const { data, error } = await supabase.auth.mfa.challenge({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
})
@example

Create a challenge for a phone factor (WhatsApp)

const { data, error } = await supabase.auth.mfa.challenge({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
  channel: 'whatsapp',
})
§
challengeAndVerify(params: MFAChallengeAndVerifyParams): Promise<AuthMFAVerifyResponse>

Helper method that creates a challenge and immediately verifies the given code against it. The verification code is provided by the user by entering a code seen in their authenticator app.

@example

Create and verify a challenge for a factor

const { data, error } = await supabase.auth.mfa.challengeAndVerify({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
  code: '123456'
})
§
enroll(params: MFAEnrollParams): Promise<AuthMFAEnrollResponse>

Starts the enrollment process for a new Multi-Factor Authentication (MFA) factor. This method creates a new unverified factor. To verify a factor, present the QR code or secret to the user and ask them to add it to their authenticator app. The user has to enter the code from their authenticator app to verify it.

Upon verifying a factor, all other sessions are logged out and the current session's authenticator level is promoted to aal2.

@example

Enroll a time-based, one-time password (TOTP) factor

const { data, error } = await supabase.auth.mfa.enroll({
  factorType: 'totp',
  friendlyName: 'your_friendly_name'
})

// Use the id to create a challenge.
// The challenge can be verified by entering the code generated from the authenticator app.
// The code will be generated upon scanning the qr_code or entering the secret into the authenticator app.
const { id, type, totp: { qr_code, secret, uri }, friendly_name } = data
const challenge = await supabase.auth.mfa.challenge({ factorId: id });
@example

Enroll a Phone Factor

const { data, error } = await supabase.auth.mfa.enroll({
  factorType: 'phone',
  friendlyName: 'your_friendly_name',
  phone: '+12345678',
})

// Use the id to create a challenge and send an SMS with a code to the user.
const { id, type, friendly_name, phone } = data

const challenge = await supabase.auth.mfa.challenge({ factorId: id });
§
getAuthenticatorAssuranceLevel(jwt?: string): Promise<AuthMFAGetAuthenticatorAssuranceLevelResponse>

Returns the Authenticator Assurance Level (AAL) for the active session.

  • aal1 (or null) means that the user's identity has been verified only with a conventional login (email+password, OTP, magic link, social login, etc.).
  • aal2 means that the user's identity has been verified both with a conventional login and at least one MFA factor.

When called without a JWT parameter, this method is fairly quick (microseconds) and rarely uses the network. When a JWT is provided (useful in server-side environments like Edge Functions where no session is stored), this method will make a network request to validate the user and fetch their MFA factors.

@param jwt

Takes in an optional access token JWT. If no JWT is provided, the JWT from the current session is used.

@example

Get the AAL details of a session

const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel()
const { currentLevel, nextLevel, currentAuthenticationMethods } = data
@example

Get the AAL details for a specific JWT

const { data, error } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel(jwt)
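
The two levels are most useful when read as a pair. The following added example (not part of the Supabase documentation or of supabase-js) maps `currentLevel`/`nextLevel` onto a route-guard decision. The names `AalSource`, `decideStepUp` and `guardSensitiveRoute` and the action labels are hypothetical, and the handling of each pair is one possible fail-closed policy.

```typescript
// Added example, not supabase-js code. All type and function names here are
// hypothetical; only getAuthenticatorAssuranceLevel() comes from the page.
type AAL = "aal1" | "aal2" | null;
type StepUpAction = "allow" | "challenge" | "enroll" | "reauthenticate";

interface AalData { currentLevel: AAL; nextLevel: AAL }

// Structural view of the single method used, so the guard can be exercised
// with a stub as well as with supabase.auth.mfa.
interface AalSource {
  getAuthenticatorAssuranceLevel(jwt?: string): Promise<{ data: AalData | null; error: unknown }>;
}

// currentLevel: what this session has proven so far.
// nextLevel: the highest level the session could reach with the user's factors.
function decideStepUp(aal: AalData | null): StepUpAction {
  if (!aal) return "reauthenticate"; // no AAL data at all: fail closed
  const { currentLevel, nextLevel } = aal;
  if (currentLevel === "aal2" && nextLevel === "aal2") return "allow";
  // A verified factor exists but has not been used in this session.
  if (nextLevel === "aal2") return "challenge";
  // Session claims aal2 but no verified factor remains: treat the token as stale.
  if (currentLevel === "aal2") return "reauthenticate";
  // aal1 (or null) with nothing to step up to: no verified factor enrolled.
  return "enroll";
}

// Server-side use: pass the caller's access token so the level is checked
// for that token rather than for a locally stored session.
async function guardSensitiveRoute(mfa: AalSource, jwt?: string): Promise<StepUpAction> {
  const { data, error } = await mfa.getAuthenticatorAssuranceLevel(jwt);
  return error ? "reauthenticate" : decideStepUp(data);
}
```

Only `"allow"` should let a sensitive operation proceed; `"challenge"` leads into `challenge()` and `verify()` (or `challengeAndVerify()`) for one of the user's factors.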
§
listFactors(): Promise<AuthMFAListFactorsResponse>

Returns the list of MFA factors enabled for this user.

§
unenroll(params: MFAUnenrollParams): Promise<AuthMFAUnenrollResponse>

Unenroll removes an MFA factor. A user has to have an aal2 authenticator level in order to unenroll a verified factor.

@example

Unenroll a factor

const { data, error } = await supabase.auth.mfa.unenroll({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
})
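§
verify(params: MFAVerifyTOTPParams): Promise<AuthMFAVerifyResponse>
verify(params: MFAVerifyPhoneParams): Promise<AuthMFAVerifyResponse>
verify(params: MFAVerifyParams): Promise<AuthMFAVerifyResponse>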

Verifies a code against a challenge. The verification code is provided by the user by entering a code seen in their authenticator app.

@example

Verify a challenge for a factor

const { data, error } = await supabase.auth.mfa.verify({
  factorId: '34e770dd-9ff9-416c-87fa-43b31d7ef225',
  challengeId: '4034ae6f-a8ce-4fb5-8ee5-69a5863a7c15',
  code: '123456'
})