Interface: IMFAService
Defined in: src/types/interfaces/mfa.interface.ts:215
MFA service interface.
Remarks
Provides multi-factor authentication for enhanced security.
Example
const mfaService = container.resolve<IMFAService>('IMFAService');
// Enroll TOTP
const enrollment = await mfaService.enrollTOTP(did);
// Display QR code from enrollment.uri
// Verify with code from authenticator app
await mfaService.verifyTOTPEnrollment(did, enrollment.enrollmentId, userCode);
// Later, during login
const result = await mfaService.verifyMFA(did, {
method: 'totp',
value: userCode,
});
Methods
disableTOTP()
disableTOTP(
did):Promise<void>
Defined in: src/types/interfaces/mfa.interface.ts:256
Disable TOTP for user.
Parameters
did
User's DID
Returns
Promise<void>
enrollTOTP()
enrollTOTP(
did,options?):Promise<TOTPEnrollment>
Defined in: src/types/interfaces/mfa.interface.ts:230
Start TOTP enrollment.
Parameters
did
User's DID
options?
TOTP options
Returns
Promise<TOTPEnrollment>
Enrollment with secret and backup codes
Remarks
Generates secret and backup codes. User must verify with a code from their authenticator before enrollment is complete.
getEnrollmentStatus()
getEnrollmentStatus(
did):Promise<MFAEnrollment>
Defined in: src/types/interfaces/mfa.interface.ts:277
Get MFA enrollment status.
Parameters
did
User's DID
Returns
Promise<MFAEnrollment>
Enrollment status
hasMFAEnabled()
hasMFAEnabled(
did):Promise<boolean>
Defined in: src/types/interfaces/mfa.interface.ts:313
Check if user has any MFA methods enrolled.
Parameters
did
User's DID
Returns
Promise<boolean>
True if any MFA method is enabled
isMFARequired()
isMFARequired(
did):Promise<boolean>
Defined in: src/types/interfaces/mfa.interface.ts:303
Check if MFA is required for user.
Parameters
did
User's DID
Returns
Promise<boolean>
True if MFA is required
Remarks
MFA is required for users with elevated roles.
regenerateBackupCodes()
regenerateBackupCodes(
did):Promise<readonlystring[]>
Defined in: src/types/interfaces/mfa.interface.ts:290
Generate new backup codes.
Parameters
did
User's DID
Returns
Promise<readonly string[]>
Array of 10 new backup codes
Remarks
Invalidates existing backup codes and generates new ones.
verifyMFA()
verifyMFA(
did,request):Promise<MFAVerificationResult>
Defined in: src/types/interfaces/mfa.interface.ts:267
Verify MFA code or credential.
Parameters
did
User's DID
request
Verification request
Returns
Promise<MFAVerificationResult>
Verification result
verifyTOTPEnrollment()
verifyTOTPEnrollment(
did,enrollmentId,code):Promise<boolean>
Defined in: src/types/interfaces/mfa.interface.ts:247
Verify TOTP enrollment.
Parameters
did
User's DID
enrollmentId
string
Enrollment ID from enrollTOTP
code
string
TOTP code from authenticator app
Returns
Promise<boolean>
True if enrollment verified
Remarks
Completes TOTP enrollment after user verifies with a code.
Throws
ValidationError if code is invalid