Skip to main content

sdk.mfa - Multi-Factor Authentication

getUserDevices

Get all MFA devices for the authenticated user. 
suspend fun getUserDevices(): List<MfaDevice>

Returns

  • List<MfaDevice> - List of MFA devices

Example

viewModelScope.launch {
    try {
        val devices = sdk.mfa.getUserDevices()
        devices.forEach { device ->
            println("Device: ${device.type?.name}, ID: ${device.id}")
        }
    } catch (e: Exception) {
        println("Failed to load devices: ${e.message}")
    }
}

addDevice

Add a new MFA device (TOTP authenticator). 
suspend fun addDevice(type: String): MfaAddDevice

Parameters

  • type (String) - The device type (typically “totp” for authenticator apps)

Returns

  • MfaAddDevice - Device information including the secret for QR code generation

Example

viewModelScope.launch {
    try {
        val device = sdk.mfa.addDevice("totp")
        println("Device added with secret: ${device.secret}")
        // Show QR code to user with device.secret
    } catch (e: Exception) {
        println("Failed to add device: ${e.message}")
    }
}

verifyDevice

Verify a newly added MFA device with a TOTP code. 
suspend fun verifyDevice(code: String, type: String)

Parameters

  • code (String) - The 6-digit TOTP code from the authenticator app
  • type (String) - The device type (typically “totp”)

Example

viewModelScope.launch {
    try {
        sdk.mfa.verifyDevice("123456", "totp")
        println("Device verified successfully")
    } catch (e: Exception) {
        println("Failed to verify device: ${e.message}")
    }
}

authenticateDevice

Authenticate with an MFA device to get an MFA token. 
suspend fun authenticateDevice(params: MfaAuthenticateDevice): String?

Parameters

  • params (MfaAuthenticateDevice) - Authentication parameters:
    • code (String) - The TOTP code
    • deviceId (String) - The device ID
    • createMfaToken (MfaCreateToken) - Token creation parameters

Returns

  • String? - The MFA authentication token

Example

viewModelScope.launch {
    try {
        val token = sdk.mfa.authenticateDevice(
            MfaAuthenticateDevice(
                code = "123456",
                deviceId = deviceId,
                createMfaToken = MfaCreateToken(singleUse = true)
            )
        )
        println("MFA Token: $token")
    } catch (e: Exception) {
        println("Failed to authenticate: ${e.message}")
    }
}

deleteUserDevice

Delete an MFA device. Requires an MFA authentication token. 
suspend fun deleteUserDevice(deviceId: String, mfaAuthToken: String)

Parameters

  • deviceId (String) - The ID of the device to delete
  • mfaAuthToken (String) - MFA token obtained from authenticateDevice

Example

viewModelScope.launch {
    try {
        // First authenticate to get token
        val token = sdk.mfa.authenticateDevice(
            MfaAuthenticateDevice(
                code = "123456",
                deviceId = deviceId,
                createMfaToken = MfaCreateToken(singleUse = true)
            )
        )

        // Then delete the device
        if (!token.isNullOrEmpty()) {
            sdk.mfa.deleteUserDevice(deviceId, token)
            println("Device deleted")
        }
    } catch (e: Exception) {
        println("Failed to delete device: ${e.message}")
    }
}

getRecoveryCodes

Get recovery codes for MFA. Optionally generate new codes. 
suspend fun getRecoveryCodes(generateNewCodes: Boolean = false): List<String>

Parameters

  • generateNewCodes (Boolean) - Whether to generate new recovery codes (default: false)

Returns

  • List<String> - List of recovery codes

Example

viewModelScope.launch {
    try {
        // Get existing codes
        val codes = sdk.mfa.getRecoveryCodes(generateNewCodes = false)
        println("Recovery codes: $codes")

        // Or generate new codes
        val newCodes = sdk.mfa.getRecoveryCodes(generateNewCodes = true)
        println("New recovery codes: $newCodes")
    } catch (e: Exception) {
        println("Failed to get codes: ${e.message}")
    }
}

acknowledgeRecoveryCodes

Mark recovery codes as shown to the user. 
suspend fun acknowledgeRecoveryCodes()

Example

viewModelScope.launch {
    try {
        sdk.mfa.acknowledgeRecoveryCodes()
    } catch (e: Exception) {
        println("Failed to acknowledge: ${e.message}")
    }
}

authenticateRecoveryCode

Authenticate using a recovery code. 
suspend fun authenticateRecoveryCode(code: String)

Parameters

  • code (String) - The recovery code

Example

viewModelScope.launch {
    try {
        sdk.mfa.authenticateRecoveryCode("recovery-code")
        println("Authenticated with recovery code")
    } catch (e: Exception) {
        println("Invalid recovery code: ${e.message}")
    }
}

sdk.passkeys - Passkey Management

getPasskeys

Get all passkeys for the authenticated user. 
suspend fun getPasskeys(): List<UserPasskey>

Returns

  • List<UserPasskey> - List of user passkeys

Example

viewModelScope.launch {
    try {
        val passkeys = sdk.passkeys.getPasskeys()
        passkeys.forEach { passkey ->
            println("ID: ${passkey.id}")
            println("Created: ${passkey.createdAt}")
            println("Last used: ${passkey.lastUsedAt}")
            println("Is default: ${passkey.isDefault}")
        }
    } catch (e: Exception) {
        println("Failed to load passkeys: ${e.message}")
    }
}

registerPasskey

Register a new passkey using the device’s biometric authentication. 
suspend fun registerPasskey()

Example

viewModelScope.launch {
    try {
        sdk.passkeys.registerPasskey()
        println("Passkey registered successfully")
    } catch (e: Exception) {
        println("Failed to register: ${e.message}")
    }
}

authenticatePasskeyMFA

Authenticate with a passkey for MFA purposes, generating an MFA token. 
suspend fun authenticatePasskeyMFA(
    createMfaToken: MfaCreateToken,
    relatedOriginRpId: String?
): PasskeyAuthenticationResponse

Parameters

  • createMfaToken (MfaCreateToken) - Token creation parameters
  • relatedOriginRpId (String?) - Optional related origin RP ID (typically null)

Returns

  • PasskeyAuthenticationResponse - Response containing JWT token

Example

viewModelScope.launch {
    try {
        val response = sdk.passkeys.authenticatePasskeyMFA(
            createMfaToken = MfaCreateToken(singleUse = true),
            relatedOriginRpId = null
        )
        println("MFA Token: ${response.jwt}")
    } catch (e: Exception) {
        println("Failed to authenticate: ${e.message}")
    }
}

deletePasskey

Delete a passkey. 
suspend fun deletePasskey(request: DeletePasskeyRequest)

Parameters

  • request (DeletePasskeyRequest) - Request containing the passkey ID

Example

viewModelScope.launch {
    try {
        sdk.passkeys.deletePasskey(
            DeletePasskeyRequest(passkeyId = passkeyId)
        )
        println("Passkey deleted")
    } catch (e: Exception) {
        println("Failed to delete: ${e.message}")
    }
}

Data Types

MfaDevice

data class MfaDevice(
    val id: String?,
    val type: MfaDeviceType?
)

enum class MfaDeviceType {
    totp
}

MfaAuthenticateDevice

data class MfaAuthenticateDevice(
    val code: String,
    val deviceId: String,
    val createMfaToken: MfaCreateToken
)

MfaCreateToken

data class MfaCreateToken(
    val singleUse: Boolean
)

UserPasskey

data class UserPasskey(
    val id: String,
    val createdAt: String,
    val lastUsedAt: String?,
    val isDefault: Boolean?
)

DeletePasskeyRequest

data class DeletePasskeyRequest(
    val passkeyId: String
)

PasskeyAuthenticationResponse

data class PasskeyAuthenticationResponse(
    val jwt: String?
)