Two-Step Verification
Learn how to integrate the two-step verification feature into your project to enhance security during user sign-up and login.
Why Use Two-Factor Authentication (2FA)?
Two-step verification (often called two-factor authentication, 2FA) adds a second check to login: after the password is accepted, the user must also enter a one-time password (OTP) sent to their registered email address. A stolen password alone is then not enough to sign in; the attacker would also need access to the user's mailbox. This guide shows how to configure the signInVerify function to complete that second step.
Configuring the 2FA Function
1. Integration (PUT Request)
When your client receives a 201 response from the sign-in call, display the OTP input screen as demonstrated in our SDK. After the user enters the OTP, send the following request to your backend:
2. Error Responses
Status Code | Message |
---|---|
400 | Invalid OTP! |
400 | Invalid request method! |
401 | Your device is unauthorized. |
404 | Session not found. |
500 | An unexpected error occurred. Please report this issue at GitHub. |
3. Success Response
Once you receive a 202 response, the login succeeded. The response includes the following details:
4. Storing Cookies
After receiving the 202 response, store the signedJWTToken in a cookie. Set the cookie with the HttpOnly, Secure and SameSite attributes so the token is sent only over HTTPS and cannot be read by page scripts. Below is an example of how to store these values using Next.js:
Note: You can use any method of cookie storage depending on your tech stack, as long as the cookie carries the attributes above.
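The following is an added, framework-agnostic example and not code from the original page or its SDK. It shows the client-side handling of the verification response described in sections 3 and 4: the status codes from the error table are mapped to a next action, and on a 202 the signedJWTToken is placed in a cookie with hardened attributes and a Max-Age taken from the token's exp claim. The cookie name `session`, the action names, and the sample token (built with a placeholder signature, since the client never verifies it) are assumptions made for this example; only the field name signedJWTToken and the status codes come from the page.

```javascript
// Added example, not the SDK's own code. Assumed: cookie name "session",
// the action names returned below, and the constructed sample token.

// Attributes every session cookie should carry:
// HttpOnly keeps the token out of document.cookie (limits XSS exfiltration),
// Secure restricts it to HTTPS, SameSite=Lax blocks cross-site POSTs while
// still allowing top-level navigations, Path=/ makes it available to all routes.
const SESSION_COOKIE_BASE = {
  httpOnly: true,
  secure: true,
  sameSite: "lax",
  path: "/",
};

// Base64url-decode one JWT segment into an object.
function decodeSegment(segment) {
  return JSON.parse(Buffer.from(segment, "base64url").toString("utf8"));
}

// Read the UNVERIFIED payload of a compact JWT. It is used only to size the
// cookie lifetime; authorization decisions must rely on server-side
// signature verification, never on this decode.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return decodeSegment(parts[1]);
}

// Cookie options whose Max-Age matches the token's exp claim so the browser
// drops the cookie when the token stops being valid. Tokens without exp get a
// session cookie (no Max-Age). An already-expired token yields Max-Age=0.
function sessionCookieOptions(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = decodeJwtPayload(token);
  const opts = { ...SESSION_COOKIE_BASE };
  if (typeof exp === "number") opts.maxAge = Math.max(0, exp - nowSeconds);
  return opts;
}

// Serialize to a Set-Cookie header value.
function serializeSetCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.path) parts.push(`Path=${opts.path}`);
  if (typeof opts.maxAge === "number") parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.httpOnly) parts.push("HttpOnly");
  if (opts.secure) parts.push("Secure");
  if (opts.sameSite) {
    const s = opts.sameSite;
    parts.push(`SameSite=${s.charAt(0).toUpperCase()}${s.slice(1)}`);
  }
  return parts.join("; ");
}

// Map the verification endpoint's status codes (from the page's tables) to the
// client's next action. Only a 202 carrying signedJWTToken produces a cookie.
function handleVerifyResponse(status, body, nowSeconds) {
  switch (status) {
    case 202:
      if (!body || typeof body.signedJWTToken !== "string") {
        return { action: "error", reason: "202 without signedJWTToken" };
      }
      return {
        action: "store-session",
        setCookie: serializeSetCookie(
          "session",
          body.signedJWTToken,
          sessionCookieOptions(body.signedJWTToken, nowSeconds)
        ),
      };
    case 400: // "Invalid OTP!" or "Invalid request method!": let the user retry
      return { action: "retry-otp", reason: body && body.message };
    case 401: // "Your device is unauthorized."
      return { action: "reauthenticate", reason: "device unauthorized" };
    case 404: // "Session not found.": the OTP session is gone, start sign-in again
      return { action: "restart-signin", reason: "session not found" };
    default:
      return { action: "error", reason: `unexpected status ${status}` };
  }
}

// Constructed sample token so the example runs offline. The signature segment
// is a placeholder; this token would fail verification and exists only to
// exercise the client-side code path.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.placeholder-sig`;
}

const DEMO_NOW = 1700000000;
const DEMO_TOKEN = makeSampleToken({ sub: "user_123", iat: DEMO_NOW, exp: DEMO_NOW + 3600 });
console.log(handleVerifyResponse(202, { signedJWTToken: DEMO_TOKEN }, DEMO_NOW).setCookie);
console.log(handleVerifyResponse(400, { message: "Invalid OTP!" }, DEMO_NOW));
```

In a Next.js route handler or server action the same options object can be passed to `cookies().set(name, value, options)` from `next/headers` instead of writing the Set-Cookie header by hand; the attribute choices are what matter, not the serializer.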
Resend OTP
If the user has not received the OTP or needs a new one, use the following steps to handle the resend. The resend limit in the error table is enforced server-side; when it is reached, show the message to the user rather than retrying automatically.
1. Integration (PATCH Request)
2. Error Responses
Status Code | Message |
---|---|
400 | Invalid request method! |
400 | You have exceeded the maximum number of OTP resend attempts. |
401 | Your device is unauthorized. |
404 | Session not found. |
500 | An unexpected error occurred. Please report this issue at GitHub. |
3. Success Response
A successful resend request returns a 200 status code and the following response:
Configuring the Session Check Function
Once the signIn module is set up, the next step is to integrate the session check function, which verifies on each request that the user's session is still valid, so that only authenticated users with live sessions can interact with your application.