Class: MFAService
Defined in: src/auth/mfa/mfa-service.ts:171
MFA service implementation.
Remarks
Provides TOTP enrollment, verification, and backup code management.
Example
const mfaService = new MFAService({
redis,
logger,
});
// Enroll TOTP
const enrollment = await mfaService.enrollTOTP(did);
// User scans QR code...
// Verify and activate
await mfaService.verifyTOTPEnrollment(did, enrollment.enrollmentId, userCode);
// Later, verify during login
const result = await mfaService.verifyMFA(did, {
method: 'totp',
value: userCode,
});
Implements
Constructors
new MFAService()
new MFAService(
options):MFAService
Defined in: src/auth/mfa/mfa-service.ts:184
Creates a new MFAService.
Parameters
options
Service options
Returns
Methods
disableTOTP()
disableTOTP(
did):Promise<void>
Defined in: src/auth/mfa/mfa-service.ts:295
Disables TOTP for a user.
Parameters
did
User's DID
Returns
Promise<void>
Implementation of
enrollTOTP()
enrollTOTP(
did,options?):Promise<TOTPEnrollment>
Defined in: src/auth/mfa/mfa-service.ts:202
Starts TOTP enrollment for a user.
Parameters
did
User's DID
options?
TOTP options
Returns
Promise<TOTPEnrollment>
TOTP enrollment with secret and URI
Implementation of
getEnrollmentStatus()
getEnrollmentStatus(
did):Promise<MFAEnrollment>
Defined in: src/auth/mfa/mfa-service.ts:384
Gets MFA enrollment status for a user.
Parameters
did
User's DID
Returns
Promise<MFAEnrollment>
Enrollment status
Implementation of
IMFAService.getEnrollmentStatus
hasMFAEnabled()
hasMFAEnabled(
did):Promise<boolean>
Defined in: src/auth/mfa/mfa-service.ts:468
Checks if user has any MFA methods enabled.
Parameters
did
User's DID
Returns
Promise<boolean>
True if any MFA method is enabled
Implementation of
isMFARequired()
isMFARequired(
did):Promise<boolean>
Defined in: src/auth/mfa/mfa-service.ts:456
Checks if MFA is required for a user.
Parameters
did
User's DID
Returns
Promise<boolean>
True if MFA is required
Implementation of
regenerateBackupCodes()
regenerateBackupCodes(
did):Promise<readonlystring[]>
Defined in: src/auth/mfa/mfa-service.ts:422
Regenerates backup codes.
Parameters
did
User's DID
Returns
Promise<readonly string[]>
Array of new backup codes
Implementation of
IMFAService.regenerateBackupCodes
verifyMFA()
verifyMFA(
did,request):Promise<MFAVerificationResult>
Defined in: src/auth/mfa/mfa-service.ts:311
Verifies an MFA code or credential.
Parameters
did
User's DID
request
Verification request
Returns
Promise<MFAVerificationResult>
Verification result
Implementation of
verifyTOTPEnrollment()
verifyTOTPEnrollment(
did,enrollmentId,code):Promise<boolean>
Defined in: src/auth/mfa/mfa-service.ts:250
Verifies a TOTP code and completes enrollment.
Parameters
did
User's DID
enrollmentId
string
Enrollment ID from enrollTOTP
code
string
TOTP code from authenticator app
Returns
Promise<boolean>
True if enrollment verified