# Use MFA
Multi-factor authentication (MFA) is a security mechanism that requires more than one authentication factor to verify the legitimacy of an operation. Examples include a bank's USB key, or a remote login that requires mobile phone SMS verification. After reading this tutorial, you can customize the login interface for Authing's MFA secondary authentication.
# Preparation
# API interface
# Query the MFA information enabled by the user
Query the MFA information enabled by the user.
Returns the MFA information enabled by the user.
# Request to bind MFA password
Obtain the MFA QR code and Secret information for display, then wait for the user to confirm the binding.
After this interface is requested, MFA secondary authentication does not take effect until the user confirms the binding. The interface returns the MFA Secret, MFA Uri, MFA QR code Data Url, and recovery code.
# Confirm binding MFA password
Confirm to bind MFA.
After this interface is requested, the MFA binding is confirmed, and later logins ask the user to enter the MFA password for secondary verification.
# Return MFA Token after the first authentication
Call the login method in authing-js-sdk (refer to Login), or call the GraphQL interface directly. You need to store the mfaToken for future use.
How to call the SDK:
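```javascript
// Run inside an async function; email and password come from the login form.
try {
  window.user = await window.authing.login({ email, password });
  alert(`Login is successful, information: ${JSON.stringify(window.user)}`);
} catch (err) {
  // Code 1635: the first factor succeeded and secondary authentication is required.
  if (err.message.code === 1635) {
    // Demo logging only.
    console.log(err.message.data.email);
    console.log(err.message.data.nickname);
    console.log(err.message.data.username);
    console.log(err.message.data.avatar);
    console.log(err.message.data.mfaToken);
    // Store the mfaToken for the secondary authentication request.
    window.mfaToken = err.message.data.mfaToken;
  }
  alert(err.message.message);
}
```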
The return information of calling the GraphQL interface directly:
```json
{
  "errors": [
    {
      "message": {
        "code": 1635,
        "message": "Please enter the secondary authentication security code",
        "data": {
          "MfaToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhIjp7InVzZXJQb29sSWQiOiI1Y2NlNGFhODNlZDlmOTdiNGRmZDk1ZjAiLCJ1c2VySWQiOiI1ZjhlZTYyY2FmYzJmZmFkMzY0MzQ1YjciLCJhcm4iOiJhcm46Y246YXV0aGluZzo1Y2NlNGFhODNlZDlmOTdiNGRmZDk1ZjA6dXNlcjo1ZjhlZTYyY2FmYzJmZmFkMzY0MzQ1YjciLCJzdGFnZSI6MX0sImlhdCI6MTYwMzIwNjcwOCwiZXhwIjoxNjAzMjA3MDY4fQ.PR7LXqpyH - 6sF4eAcOcK1yZBi14lRv_lr9qUtbTQM4",
          "nickname": null,
          "email": "q3@123.com",
          "username": null,
          "avatar": "https://usercontents.authing.cn/authing-avatar.png"
        }
      },
      "locations": [{ "line": 2, "column": 9 }],
      "path": ["login"],
      "extensions": {"code": "INTERNAL_SERVER_ERROR"}
    }
  ],
  "data": {"login": null}
}
```
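One way to turn the raw GraphQL response above into pending second-factor state on the client. This is an added example, not code from Authing or the mfa-demo project. It assumes the mfaToken is a JWT with an `exp` claim, as the sample token above is; the function names, `sampleBody` and the sample token are constructed for illustration.

```javascript
const MFA_REQUIRED = 1635; // error code from the sample response on this page

// Base64 helpers that work both in browsers and in Node.
const b64decode = typeof atob === "function" ? atob
  : (s) => Buffer.from(s, "base64").toString("binary");
const b64encode = typeof btoa === "function" ? btoa
  : (s) => Buffer.from(s, "binary").toString("base64");

// Decode a JWT payload WITHOUT verifying its signature. Use the result only
// for UI decisions (expiry countdown); the server stays the authority.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(b64decode(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Returns null when the body is not an MFA challenge, otherwise the pending
// second-factor state. Keep the token in memory only; do not log or persist it.
function extractMfaChallenge(body, nowSeconds) {
  const err = ((body && body.errors) || []).find(
    (e) => e && e.message && e.message.code === MFA_REQUIRED
  );
  if (!err) return null;
  const data = err.message.data || {};
  const token = data.mfaToken || data.MfaToken; // both spellings appear on the page
  if (!token) throw new Error("MFA challenge without a token");
  const { exp } = decodeJwtPayload(token);
  const secondsLeft = typeof exp === "number" ? exp - nowSeconds : 0;
  return { token, email: data.email || null, secondsLeft, expired: secondsLeft <= 0 };
}

// Constructed sample: a token-shaped string with a placeholder signature.
function makeSampleToken(payload) {
  const enc = (o) => b64encode(JSON.stringify(o))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.placeholder-signature`;
}

const sampleBody = { // constructed, shaped like the response shown above
  errors: [{ message: { code: MFA_REQUIRED,
    message: "Please enter the secondary authentication security code",
    data: { mfaToken: makeSampleToken({ data: { stage: 1 }, iat: 1000, exp: 1360 }),
            email: "user@example.com" } } }],
  data: { login: null },
};

const challenge = extractMfaChallenge(sampleBody, 1100);
console.log(challenge.secondsLeft, challenge.expired);
```

When `expired` is true, send the user back to the first login step instead of prompting for the MFA password.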
# Login to verify MFA password
This interface checks whether the password for the secondary authentication is correct after the first authentication has succeeded during login.
For users who have enabled secondary authentication, an mfaToken is returned after the first authentication succeeds. The mfaToken must be carried in the request to this interface to complete the secondary authentication.
# Use recovery code
This interface restores account access when the user loses the MFA password after a successful login.
If the user has turned on secondary authentication and loses the MFA password, the recovery code must be used to restore account access. Using the recovery code is equivalent to using the MFA password. After it is used, a new recovery code is generated for the user. The user can unbind the MFA and bind a new MFA after logging in.
# MFA Demo
GitHub: mfa-demo
# How to run
Double-click to open the index.html file.
Or start an http server in the project directory.
```
$ npm install -g http-server
$ http-server
```
Then visit 127.0.0.1:8080.