makes changes to mfa docs
rishabhpoddar committed May 16, 2024
1 parent 840feb1 commit 0a1ba43
Showing 2 changed files with 10 additions and 2 deletions.
8 changes: 6 additions & 2 deletions v2/mfa/email-sms-otp/otp-for-all-users.mdx
Expand Up @@ -388,7 +388,7 @@ We can know which case it is by checking if the `emails` object returned from [M
#### Case 1 implementation: User needs to enter their email
In this case, we need to create a form wherein the user can enter their email. Once they submit the form, we need to call the [createCode API](/docs/passwordless/custom-ui/login-otp).

After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp).
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp). If the API call returns a `RESTART_FLOW_ERROR`, you can handle this by asking the user to enter their email once again and then call the `createCode` function.

#### Case 2 implementation: User needs to complete the OTP challenge

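Review bot: In the sentence added under Case 1, "the API call" is ambiguous because the same paragraph mentions both `createCode` and `consumeCode`; name the call that returns `RESTART_FLOW_ERROR` explicitly. The sentence also gives no indication of what the error means, so a reader cannot tell why the email has to be entered again; one clause describing the condition would help. Minor grammar: "and then call" should read "and then calling" to match "by asking".
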
Expand All @@ -398,12 +398,16 @@ This case is when the user already has an email associated with their account an

You can even show a UI here asking the user to pick an email from the array if you like. Either way, when you have an email, you can all the [createCode API](/docs/passwordless/custom-ui/login-otp) to send the code to that email.

After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp).
After this API call, you can show the user the enter OTP screen, and call the [consumeCode API](/docs/passwordless/custom-ui/login-otp#step-3-verifying-the-input-otp). If the API call returns a `RESTART_FLOW_ERROR`, you can handle this by calling the `createCode` function once again in the background.

:::note
Notice that in Case 2, there is no UI for the user to enter an email. That happens silently. The user only sees the enter OTP screen.
:::

We recommend that you add a sign out button when showing the second factor (case 1 or case 2) so that users can use this to escape out of the flow in case they are unable to complete the second factor. When the sign out button is clicked, you want to:
- Call the `await clearLoginAttemptInfo()` function (if on web) to clear the state that's set in th browser storage when calling the `createCode` function.
- Call the sign out function / API to clear the tokens.

On successful verification of the code, the `otp-email` factor is marked as completed and the `v` value is updated in the session based on if there are any more factors that the user needs to complete. The next step would be to check this `v` value in the MFA claim and redirect the user to the application page, or get information about the next factor using the [MFA info endpoint](../frontend-setup#mfa-info-endpoint).

</CustomUIContent>
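
Review bot: The Case 2 `RESTART_FLOW_ERROR` handling added here calls `createCode` again "in the background", yet the note that follows says the user only sees the enter OTP screen, so nothing tells them that a new code has been sent. Suggest adding that the UI should inform the user a fresh code was emailed, and that the retry should not repeat automatically without a limit, since each `createCode` call sends another email. In the sign out paragraph, "th browser storage" is a typo for "the", `await` should sit outside the backticked function name (`clearLoginAttemptInfo()`), and because the advice covers both case 1 and case 2 it would be easier to find if it were not placed directly after the Case 2 note.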
4 changes: 4 additions & 0 deletions v2/mfa/email-sms-otp/otp-for-opt-in-users.mdx
Expand Up @@ -22,6 +22,10 @@ import FrontendMobileSubTabs from "/src/components/tabs/FrontendMobileSubTabs"

# OTP for specific users

:::important
Before reading the below, please first go through the setup for [OTP for all users](./otp-for-all-users) to understand the basics of how MFA with OTP works, and then come back here.
:::

In this page, we will show you how to implement an MFA policy that requires certain users to do the OTP challenge via email or sms. You can decide which those users are based on any criteria. For example:
- Only users that have an `admin` role require to do OTP; OR
- Only users that have enabled OTP on their account require to do OTP; OR
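
Review bot: The new admonition points readers to the all-users page for "the basics" but does not say which parts of that page still apply on this one; since this commit adds the `RESTART_FLOW_ERROR` handling and the sign out button guidance only to `otp-for-all-users.mdx`, state here whether both carry over to the opt-in flow. "Before reading the below" could also be tightened to "Before reading this page".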