Initiate an MFA challenge.
Challenge options
Challenge response (oobCode, bindingMethod)
Enroll a new MFA authenticator during initial MFA setup.
Enrollment options (otp | oob | email)
Enrollment response with authenticator details and optional recovery codes
List enrolled authenticators for the user. Filters by allowed challenge types from mfa_requirements.
Options containing encrypted mfaToken
Array of authenticators
Verify MFA code and complete authentication. Caches resulting access token in session.
Verification options (otp | oobCode+bindingCode | recoveryCode)
Token response with access token, refresh token, etc.
MFA client interface available in both server and client contexts.