Facteurs d’authentification SMS et vocaux pour l’inscription et les défis de connexion
Auth0 offre un flux intégré d’enregistrement et d’authentification MFA en utilisant la connexion universelle. Cependant, si vous souhaitez créer votre propre interface utilisateur, vous pouvez utiliser l’API MFA pour ce faire.
Prérequis
Avant de pouvoir utiliser les API MFA, vous devrez activer le type d’autorisation MFA pour votre application. Accédez à Auth0 Dashboard > Applications > Paramètres avancés > Types d’autorisation et sélectionnez MFA.
Configurez le téléphone comme facteur d’authentification dans Dashboard ou à l’aide de la Management API.
Inscription par SMS ou par la voix
Obtenir un jeton MFA
En fonction du moment où vous lancez l’enregistrement, vous pouvez obtenir un jeton d’accès en utilisant l’API MFA de plusieurs façons :
Si vous vous inscrivez pendant l’authentification, consultez Authentifier avec l’octroi du mot de passe du propriétaire de la ressource et la MFA.
Si vous souhaitez laissez l’utilisateur enregistrer un facteur à tout moment, consultez Gérer les enregistrements des facteurs MFA.
Inscrire des facteurs d’authentification
Faites une demande POST (PUBLIER) au point de terminaison d’association MFA pour enregistrer le facteur d’authentification de l’utilisateur. Le jeton du porteur requis par ce point de terminaison est le jeton MFA obtenu à l’étape précédente.
Pour s’inscrire par SMS ou par la voix, ils s’inscrivent avec un numéro de téléphone, soit par SMS, soit par la voix. Spécifiez les paramètres ci-dessous pour appeler le point de terminaison. Le paramètre oob_channels indique comment vous souhaitez envoyer le code à l’utilisateur (SMS ou voix).
curl --request POST \
--url 'https://{yourDomain}/mfa/associate' \
--header 'authorization: Bearer {mfaToken}' \
--header 'content-type: application/json' \
--data '{ "authenticator_types": ["oob"], "oob_channels": ["sms"], "phone_number": "+11...9" }'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/mfa/associate");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {mfaToken}");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/mfa/associate"
payload := strings.NewReader("{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {mfaToken}")
req.Header.Add("content-type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/mfa/associate")
.header("authorization", "Bearer {mfaToken}")
.header("content-type", "application/json")
.body("{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/mfa/associate',
headers: {authorization: 'Bearer {mfaToken}', 'content-type': 'application/json'},
data: {authenticator_types: ['oob'], oob_channels: ['sms'], phone_number: '+11...9'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {mfaToken}",
@"content-type": @"application/json" };
NSDictionary *parameters = @{ @"authenticator_types": @[ @"oob" ],
@"oob_channels": @[ @"sms" ],
@"phone_number": @"+11...9" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/associate"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/mfa/associate",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {mfaToken}",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }"
headers = {
'authorization': "Bearer {mfaToken}",
'content-type': "application/json"
}
conn.request("POST", "/{yourDomain}/mfa/associate", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/mfa/associate")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {mfaToken}'
request["content-type"] = 'application/json'
request.body = "{ \"authenticator_types\": [\"oob\"], \"oob_channels\": [\"sms\"], \"phone_number\": \"+11...9\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"authorization": "Bearer {mfaToken}",
"content-type": "application/json"
]
let parameters = [
"authenticator_types": ["oob"],
"oob_channels": ["sms"],
"phone_number": "+11...9"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/associate")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
| Paramètre | Valeur |
|---|---|
authentication_types |
[oob] |
oob_channels |
[sms] ou [voice] |
phone_number |
+11...9, numéro de téléphone format E.164 |
Si l’étape réussie, vous recevez une réponse comme celle-ci :
{
"authenticator_type": "oob",
"binding_method": "prompt",
"recovery_codes": [ "N3BGPZZWJ85JLCNPZBDW6QXC" ],
"oob_channel": "sms",
"oob_code": "ata6daXAiOi..."
}
`Was this helpful?
/
Si vous recevez une erreur User is already enrolled (Utilisateur déjà inscrit), l’utilisateur a déjà un facteur MFA inscrit. Avant d’associer un autre facteur à l’utilisateur, vous devez lancer un défi-réponse à l’utilisateur avec le facteur existant.
Si c’est la première fois que l’utilisateur associe un authentifiant, vous remarquerez que la réponse comprend recovery_codes. Les codes de récupération sont utilisés pour accéder au compte de l’utilisateur dans le cas où il perdrait l’accès au compte ou à l’appareil utilisé pour son authentification à deux facteurs. Ce sont des codes à usage unique, et de nouveaux codes sont générés au besoin.
Confirmez l’inscription par SMS ou par voix
Les utilisateurs recevront un courriel contenant un code à six chiffres qu’il devront saisir dans l’application.
Pour compléter l’inscription, réalisez une requête POST au point de terminaison OAuth Token. Vous devez inclure le oob_code retourné dans la réponse précédente et le binding_code avec la valeur reçue dans le message.
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'authorization: Bearer {mfaToken}' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=http://auth0.com/oauth/grant-type/mfa-oob \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}' \
--data 'mfa_token={mfaToken}' \
--data 'oob_code={oobCode}' \
--data 'binding_code={userOtpCode}'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("authorization", "Bearer {mfaToken}");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/oauth/token"
payload := strings.NewReader("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("authorization", "Bearer {mfaToken}")
req.Header.Add("content-type", "application/x-www-form-urlencoded")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/oauth/token")
.header("authorization", "Bearer {mfaToken}")
.header("content-type", "application/x-www-form-urlencoded")
.body("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/oauth/token',
headers: {
authorization: 'Bearer {mfaToken}',
'content-type': 'application/x-www-form-urlencoded'
},
data: new URLSearchParams({
grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob',
client_id: '{yourClientId}',
client_secret: '{yourClientSecret}',
mfa_token: '{mfaToken}',
oob_code: '{oobCode}',
binding_code: '{userOtpCode}'
})
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer {mfaToken}",
@"content-type": @"application/x-www-form-urlencoded" };
NSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=http://auth0.com/oauth/grant-type/mfa-oob" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&client_id={yourClientId}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&client_secret={yourClientSecret}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&mfa_token={mfaToken}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&oob_code={oobCode}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&binding_code={userOtpCode}" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/oauth/token"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {mfaToken}",
"content-type: application/x-www-form-urlencoded"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D"
headers = {
'authorization': "Bearer {mfaToken}",
'content-type': "application/x-www-form-urlencoded"
}
conn.request("POST", "/{yourDomain}/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/oauth/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["authorization"] = 'Bearer {mfaToken}'
request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=%7BuserOtpCode%7D"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"authorization": "Bearer {mfaToken}",
"content-type": "application/x-www-form-urlencoded"
]
let postData = NSMutableData(data: "grant_type=http://auth0.com/oauth/grant-type/mfa-oob".data(using: String.Encoding.utf8)!)
postData.append("&client_id={yourClientId}".data(using: String.Encoding.utf8)!)
postData.append("&client_secret={yourClientSecret}".data(using: String.Encoding.utf8)!)
postData.append("&mfa_token={mfaToken}".data(using: String.Encoding.utf8)!)
postData.append("&oob_code={oobCode}".data(using: String.Encoding.utf8)!)
postData.append("&binding_code={userOtpCode}".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/oauth/token")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Si l’appel ne réussi pas, vous recevrez une réponse dans le format suivant, contenant le jeton d’accès :
{
"id_token": "eyJ...i",
"access_token": "eyJ...i",
"expires_in": 600,
"scope": "openid profile",
"token_type": "Bearer"
}Was this helpful?
/
Défi-réponse par SMS ou par la voix
Obtenir un jeton MFA
Obtenez un jeton MFA en suivant les étapes décrites dans Autorisation par mot de passe et MFA dans l’authentification avec le propriétaire de la ressource .
Récupérer les facteurs d’authentification enregistrés
Pour effectuer le défi-réponse avec l’utilisateur, vous aurez besoin de l’authenticator_id pour le facteur que vous désirez utiliser. Vous pouvez énumérer toutes les authentifications à l’aide du point de terminaison des facteurs d’authentification MFA :
curl --request GET \
--url 'https://{yourDomain}/mfa/authenticators' \
--header 'authorization: Bearer MFA_TOKEN' \
--header 'content-type: application/json'Was this helpful?
/
var client = new RestClient("https://{yourDomain}/mfa/authenticators");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer MFA_TOKEN");
request.AddHeader("content-type", "application/json");
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/mfa/authenticators"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("authorization", "Bearer MFA_TOKEN")
req.Header.Add("content-type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.get("https://{yourDomain}/mfa/authenticators")
.header("authorization", "Bearer MFA_TOKEN")
.header("content-type", "application/json")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://{yourDomain}/mfa/authenticators',
headers: {authorization: 'Bearer MFA_TOKEN', 'content-type': 'application/json'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"authorization": @"Bearer MFA_TOKEN",
@"content-type": @"application/json" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/authenticators"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/mfa/authenticators",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"authorization: Bearer MFA_TOKEN",
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
headers = {
'authorization': "Bearer MFA_TOKEN",
'content-type': "application/json"
}
conn.request("GET", "/{yourDomain}/mfa/authenticators", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/mfa/authenticators")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["authorization"] = 'Bearer MFA_TOKEN'
request["content-type"] = 'application/json'
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = [
"authorization": "Bearer MFA_TOKEN",
"content-type": "application/json"
]
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/authenticators")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Vous obtiendrez une liste de facteurs d’authentification avec le format suivant :
[
{
"id": "recovery-code|dev_O4KYL4FtcLAVRsCl",
"authenticator_type": "recovery-code",
"active": true
},
{
"id": "sms|dev_NU1Ofuw3Cw0XCt5x",
"authenticator_type": "oob",
"active": true,
"oob_channel": "sms",
"name": "XXXXXXXX8730"
},
{
"id": "voice|dev_NU1Ofuw3Cw0XCt5x",
"authenticator_type": "oob",
"active": true,
"oob_channel": "voice",
"name": "XXXXXXXX8730"
}
]Was this helpful?
/
Défi-réponse avec mot de passe à usage unique
Pour déclencher un défi-réponse POST au point de terminaison du défi-réponse de MFA à l’aide de l’authenticator_id correspondante et du mfa_token.
codeblockOld.header.login.configureSnippet
curl --request POST \
--url 'https://{yourDomain}/mfa/challenge' \
--header 'content-type: application/json' \
--data '{ "client_id": "{yourClientId}", "client_secret": "{yourClientSecret}", "challenge_type": "oob", "authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x", "mfa_token": "{mfaToken}" }'Was this helpful?
/
codeblockOld.header.login.configureSnippet
var client = new RestClient("https://{yourDomain}/mfa/challenge");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
codeblockOld.header.login.configureSnippet
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/mfa/challenge"
payload := strings.NewReader("{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
codeblockOld.header.login.configureSnippet
HttpResponse<String> response = Unirest.post("https://{yourDomain}/mfa/challenge")
.header("content-type", "application/json")
.body("{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }")
.asString();Was this helpful?
/
codeblockOld.header.login.configureSnippet
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/mfa/challenge',
headers: {'content-type': 'application/json'},
data: {
client_id: '{yourClientId}',
client_secret: '{yourClientSecret}',
challenge_type: 'oob',
authenticator_id: 'sms|dev_NU1Ofuw3Cw0XCt5x',
mfa_token: '{mfaToken}'
}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
codeblockOld.header.login.configureSnippet
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/json" };
NSDictionary *parameters = @{ @"client_id": @"{yourClientId}",
@"client_secret": @"{yourClientSecret}",
@"challenge_type": @"oob",
@"authenticator_id": @"sms|dev_NU1Ofuw3Cw0XCt5x",
@"mfa_token": @"{mfaToken}" };
NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/mfa/challenge"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
codeblockOld.header.login.configureSnippet
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/mfa/challenge",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }",
CURLOPT_HTTPHEADER => [
"content-type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
codeblockOld.header.login.configureSnippet
import http.client
conn = http.client.HTTPSConnection("")
payload = "{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }"
headers = { 'content-type': "application/json" }
conn.request("POST", "/{yourDomain}/mfa/challenge", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
codeblockOld.header.login.configureSnippet
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/mfa/challenge")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request.body = "{ \"client_id\": \"{yourClientId}\", \"client_secret\": \"{yourClientSecret}\", \"challenge_type\": \"oob\", \"authenticator_id\": \"sms|dev_NU1Ofuw3Cw0XCt5x\", \"mfa_token\": \"{mfaToken}\" }"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
codeblockOld.header.login.configureSnippet
import Foundation
let headers = ["content-type": "application/json"]
let parameters = [
"client_id": "{yourClientId}",
"client_secret": "{yourClientSecret}",
"challenge_type": "oob",
"authenticator_id": "sms|dev_NU1Ofuw3Cw0XCt5x",
"mfa_token": "{mfaToken}"
] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/mfa/challenge")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Compléter l’authentification à l’aide du code reçu
Si l’opération réussit, vous recevrez la réponse suivante :
{
"challenge_type": "oob",
"oob_code": "asdae35fdt5...",
"binding_method": "prompt"
}Was this helpful?
/
Votre application doit demander à l’utilisateur le code à 6 chiffres envoyé dans le message et doit être défini dans le paramètre binding_code. Vous pouvez vérifier le code et obtenir des jetons d’authentification à l’aide du point de terminaison du jeton OAuth0, en spécifiant le binding_code et le oob_code renvoyés par l’appel précédent :
curl --request POST \
--url 'https://{yourDomain}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=http://auth0.com/oauth/grant-type/mfa-oob \
--data 'client_id={yourClientId}' \
--data 'client_secret={yourClientSecret}' \
--data 'mfa_token={mfaToken}' \
--data 'oob_code={oobCode}' \
--data binding_code=USER_OTP_CODEWas this helpful?
/
var client = new RestClient("https://{yourDomain}/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Was this helpful?
/
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://{yourDomain}/oauth/token"
payload := strings.NewReader("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("content-type", "application/x-www-form-urlencoded")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}Was this helpful?
/
HttpResponse<String> response = Unirest.post("https://{yourDomain}/oauth/token")
.header("content-type", "application/x-www-form-urlencoded")
.body("grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE")
.asString();Was this helpful?
/
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://{yourDomain}/oauth/token',
headers: {'content-type': 'application/x-www-form-urlencoded'},
data: new URLSearchParams({
grant_type: 'http://auth0.com/oauth/grant-type/mfa-oob',
client_id: '{yourClientId}',
client_secret: '{yourClientSecret}',
mfa_token: '{mfaToken}',
oob_code: '{oobCode}',
binding_code: 'USER_OTP_CODE'
})
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});Was this helpful?
/
#import <Foundation/Foundation.h>
NSDictionary *headers = @{ @"content-type": @"application/x-www-form-urlencoded" };
NSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=http://auth0.com/oauth/grant-type/mfa-oob" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&client_id={yourClientId}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&client_secret={yourClientSecret}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&mfa_token={mfaToken}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&oob_code={oobCode}" dataUsingEncoding:NSUTF8StringEncoding]];
[postData appendData:[@"&binding_code=USER_OTP_CODE" dataUsingEncoding:NSUTF8StringEncoding]];
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/oauth/token"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"POST"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];Was this helpful?
/
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{yourDomain}/oauth/token",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE",
CURLOPT_HTTPHEADER => [
"content-type: application/x-www-form-urlencoded"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}Was this helpful?
/
import http.client
conn = http.client.HTTPSConnection("")
payload = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE"
headers = { 'content-type': "application/x-www-form-urlencoded" }
conn.request("POST", "/{yourDomain}/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))Was this helpful?
/
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://{yourDomain}/oauth/token")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/x-www-form-urlencoded'
request.body = "grant_type=http%3A%2F%2Fauth0.com%2Foauth%2Fgrant-type%2Fmfa-oob&client_id={yourClientId}&client_secret=%7ByourClientSecret%7D&mfa_token=%7BmfaToken%7D&oob_code=%7BoobCode%7D&binding_code=USER_OTP_CODE"
response = http.request(request)
puts response.read_bodyWas this helpful?
/
import Foundation
let headers = ["content-type": "application/x-www-form-urlencoded"]
let postData = NSMutableData(data: "grant_type=http://auth0.com/oauth/grant-type/mfa-oob".data(using: String.Encoding.utf8)!)
postData.append("&client_id={yourClientId}".data(using: String.Encoding.utf8)!)
postData.append("&client_secret={yourClientSecret}".data(using: String.Encoding.utf8)!)
postData.append("&mfa_token={mfaToken}".data(using: String.Encoding.utf8)!)
postData.append("&oob_code={oobCode}".data(using: String.Encoding.utf8)!)
postData.append("&binding_code=USER_OTP_CODE".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/oauth/token")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()Was this helpful?
/
Si l’appel ne réussit pas, vous recevrez une réponse dans le format ci-dessous, contenant le jeton d’accès :
{
"id_token": "eyJ...i",
"access_token": "eyJ...i",
"expires_in": 600,
"scope": "openid profile",
"token_type": "Bearer"
}Was this helpful?
/
Remarque : Les retours de SMS et de codes invalides sont soumis à une limitation anti-attaques. Les codes SMS peuvent être envoyés 10 fois et rechargés une fois par heure, tandis que les codes non valides peuvent être renvoyés 10 fois et rechargés une fois toutes les six minutes.
En savoir plus
- Gérer les facteurs d’authentification avec l’Authentication API
- Configuration des notifications SMS et vocales pour l’authentification multifacteur (MFA)
- Défi-réponse avec les codes de récupération
- Inscription et authentifiants par défi-réponse avec courriel
- Inscription et défi des authentificateurs OTP
- Inscrire et lancer un défi-réponse pour les authentifiants Push