Initiate an MFA challenge.
Challenge options
Challenge response (oobCode, bindingMethod)
Enroll a new MFA authenticator during initial MFA setup.
Enrollment options (otp | oob | email)
Enrollment response with authenticator details and optional recovery codes
List enrolled authenticators for the user. Filters by allowed challenge types from mfa_requirements.
Options containing encrypted mfaToken
Array of authenticators
Verify MFA code and complete authentication. Stores the resulting tokens in the session cookie server-side.
Verification options (otp | oobCode+bindingCode | recoveryCode)
{ success: true } — call getAccessToken() afterward to retrieve the token.
MFA client interface available in both server and client contexts.