Enable TOTP as 2FA Method

POST 
/api/auth/2fa/totp/setup

Complete the TOTP setup token from GET /api/auth/2fa/setup and a TOTP code from an authenticator app.

You can learn more about this here.

A security alert will be sent to the user's email if this setting is enabled and email is enabled and configured correctly.

Requirements

• The user can authenticate using password. 2FA will not work with OAuth2. The OAuth2 provider will validate the second factor if the user enabled it for the provider.

Locale

A locale can be specified for this request. The email will be sent in the specified locale. You can learn more about locale in emails here.

If no locale is specified, the applications default locale will be used. You can learn more about configuring the default locale here.

Tokens

• A valid AccessToken is required.
• A valid StepUpToken is required. This token should match user and session contained in the AccessToken.

Request

Responses

200

Success.

304

The following error codes correspond to this status:

• TWO_FACTOR_METHOD_ALREADY_ENABLED: Two-factor authentication method is already enabled.

400

The following error codes correspond to this status:

• NO_PASSWORD_PROVIDER: The user needs to set a password in to perform this action.

401

The following error codes correspond to this status:

• ACCESS_TOKEN_EXPIRED: Indicates that the access token is expired.
• ACCESS_TOKEN_INVALID: Indicates that the access token cannot be decoded.
• AUTHENTICATION_REQUIRED: User is not authenticated.
• STEP_UP_TOKEN_EXPIRED: Indicates that the step-up token is expired.
• STEP_UP_TOKEN_INVALID: Indicates that the step-up token cannot be decoded.
• STEP_UP_TOKEN_MISSING: Thrown when the step-up token is missing.
• TOTP_SETUP_TOKEN_EXPIRED: Indicates that the TOTP setup token is expired.
• TOTP_SETUP_TOKEN_INVALID: Indicates that the TOTP setup token cannot be decoded.
• TOTP_SETUP_TOKEN_MISSING: Thrown when the TOTP setup token is missing.
• WRONG_TWO_FACTOR_CODE: Wrong two-factor code.

404

The following error codes correspond to this status:

• USER_NOT_FOUND: User not found.

500

The following error codes correspond to this status:

• ACCESS_TOKEN_ALLOWLIST_READING_FAILURE: Represents an exception indicating a failure when reading the allowlist for an access token cache.
• DATABASE_FAILURE: Exception representing a general failure related to database operations.
• DATABASE_ENCRYPTION_FAILURE: Exception representing a general failure related to database encryption operations.
• HASH_FAILURE: Exception representing a general failure related to hashing operations.
• INVALID_USER_DOCUMENT: A requested user document was stored in an invalid format.
• POST_COMMIT_SIDE_EFFECT_FAILURE: Exception representing a failure to perform a side effect after a successful database operation.
• TOTP_FAILURE: TOTP code validation failed.
• INVALID_PRINCIPAL_DOCUMENT: A requested principal document was stored in an invalid format.