This section describes the MFA password flow.
Prerequisite
You must enable the MFA password configuration for this feature to work. See Enable MFA password flow.
Types of password flow
There are two types of password flow:
- Password flow for a first-time user
- Password flow for old users
Password flow for first-time users
The workflow for the first-time user with an MFA password is as follows:
- First-factor verification. Refer to First factor authentication.
- Generate an MFA token using the token from first-factor authorisation, the password, and the confirm password -
auth/v1/mfa/token/generate
- Generate an MFA OTP using session ID -
auth/v1/mfa/otp/generate
- Validate the MFA OTP using session ID -
auth/v1/mfa/otp/validate
Below is a flow diagram indicating the steps involved in the password flow for a first-time user.
Password flow for old users
The workflow for an old user with an MFA password is as follows:
- First-factor verification. Refer to First factor authentication.
- Generate a token using an authorisation token from the first factor -
auth/v1/mfa/token/generate
- Validate password using session ID -
auth/v1/mfa/password/validate
Below is a flow diagram indicating the steps involved in the password flow for an old user.
You can change or re-generate your password. Below are the API endpoints.
- Change password -
auth/v1/password/change
- Create a password when you forget the current password -
auth/v1/mfa/password/forget
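The step order of the two password flows above can be checked against request logs to spot clients that call a later step without its prerequisite. The following is an added example, not part of the product's own code; the log format (`<client> <path>` per line), the client labels and the sample lines are constructed assumptions, and only the endpoint paths come from this page.

```python
from collections import defaultdict

TOKEN = "auth/v1/mfa/token/generate"
FLOWS = {  # step order as documented above, after first-factor verification
    "first-time": [TOKEN, "auth/v1/mfa/otp/generate", "auth/v1/mfa/otp/validate"],
    "old": [TOKEN, "auth/v1/mfa/password/validate"],
}
KNOWN = {path for steps in FLOWS.values() for path in steps}

# Constructed sample log, "<client> <path>" per line (format is an assumption).
SAMPLE_LOG = """\
c1 /auth/v1/mfa/token/generate
c1 /auth/v1/mfa/otp/generate
c1 /auth/v1/mfa/otp/validate
c2 /auth/v1/mfa/token/generate
c2 /auth/v1/mfa/password/validate
c3 /auth/v1/mfa/otp/validate
c4 /auth/v1/mfa/token/generate
c4 /auth/v1/mfa/otp/validate
"""

def check_order(paths):
    """Return (flow, out_of_order) for one client's MFA calls, oldest first."""
    best = None
    for name, steps in FLOWS.items():
        reached, bad = -1, []
        for path in paths:
            idx = steps.index(path) if path in steps else None
            if idx is not None and idx <= reached + 1:
                reached = idx      # next step, a retry, or a restart of the flow
            else:
                bad.append(path)   # prerequisite skipped, or the other flow's step
        if best is None or len(bad) < len(best[1]):
            best = (name, bad)     # keep the flow that explains the calls best
    return best

def audit(log_text):
    """Group log lines by client and check each client's call order."""
    calls = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            client, path = line.split()
            if path.lstrip("/") in KNOWN:  # ignore non-MFA endpoints
                calls[client].append(path.lstrip("/"))
    return {client: check_order(paths) for client, paths in calls.items()}

if __name__ == "__main__":
    for client, (flow, bad) in audit(SAMPLE_LOG).items():
        print(client, flow, "OK" if not bad else f"out of order: {bad}")
```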