Authentication - Two-Factor Authentication
TOTP-based two-factor authentication enrollment and verification.
📄️ Configure 2FA
Generate a TOTP secret and QR code so the authenticated user can set up two-factor authentication. The secret stays pending until confirmed and saved via the verification endpoints; failures return success=false.
📄️ Check 2FA Secret
Validate a TOTP code against the authenticated user's pending (or active) 2FA secret without enabling 2FA. Returns verify_otp=true when the code matches, otherwise verify_otp=false.
📄️ Verify Session 2FA
Complete a pending 2FA login by validating the TOTP code and, on success, return a new access token. The pending 2FA session expires after 15 minutes; any failure returns verify_otp=false without details.
📄️ Check 2FA
Return whether the authenticated user has two-factor authentication enabled. The success field reflects the 2FA state and is false on any lookup failure.
📄️ Save 2FA
Enable two-factor authentication for the authenticated user by promoting the pending TOTP secret to the active secret. Returns success=false when no pending secret exists or the operation fails.
📄️ Deactivate 2FA
Disable two-factor authentication for the authenticated user and clear the stored TOTP secret. Returns success=true on completion and success=false on failure.