feat(app): add MFA and tsdocker release
@@ -140,6 +140,17 @@ The typed request surface includes:
|
||||
- `getPassportDashboard`, `listPassportAlerts`, and `markPassportAlertSeen` for mobile app dashboards and notifications.
|
||||
- `registerPassportPushToken` for push delivery setup.
|
||||
|
||||
## MFA And Passkeys
|
||||
|
||||
The reception backend supports real multi-factor authentication for account logins:
|
||||
|
||||
- TOTP enrollment with `startTotpEnrollment` and `finishTotpEnrollment`.
|
||||
- Hashed one-time backup codes through `regenerateBackupCodes` and `verifyMfaChallenge`.
|
||||
- WebAuthn passkey registration, revocation, passwordless login, and MFA step-up through the `startPasskey*` and `finishPasskey*` request pairs.
|
||||
- Password and magic-link logins return `twoFaNeeded`, `mfaChallengeToken`, and `availableMfaMethods` instead of a refresh token when MFA is configured.
|
||||
|
||||
TOTP secrets are AES-GCM encrypted. Set `IDP_TOTP_ENCRYPTION_KEY` in production so encrypted credentials remain stable across deployments.
|
||||
|
||||
## SDK Example
|
||||
|
||||
Browser integrations should use the dedicated SDK browser entrypoint published by `@idp.global/sdk`.
|
||||
|
||||
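Review bot: The `IDP_TOTP_ENCRYPTION_KEY` sentence at the end of the new "MFA And Passkeys" section does not say what the backend does when the variable is unset, or what format and length the key must have. "So encrypted credentials remain stable across deployments" implies some fallback key is used otherwise; please document that fallback explicitly, state whether a production start without the variable should fail, and describe what happens to already-enrolled TOTP secrets when the key is changed. In the same section, the bullet on `twoFaNeeded`, `mfaChallengeToken`, and `availableMfaMethods` would benefit from one line on the lifetime of `mfaChallengeToken` and on which request exchanges it for a refresh token, since integrators will build their login flow from this list.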