Skip to main content

Authenticator Workflow

In the Authenticator MFA flow, consumers receive a Time-Based One-Time Passcode (TOTP) through an Authenticator App (e.g., Google Authenticator, Microsoft Authenticator) installed on their mobile device. This code is entered during the second step of Multi-Factor Authentication.

MFA Time-based OTP (TOTP) Configuration

  • LoginRadius Console configuration for TOTP is guided in the following document.
  • LoginRadius supports popular TOTP/HOTP-based apps such as Google Authenticator, Microsoft Authenticator, Authy, LastPass, Duo, etc.

Google Authenticator API Implementation

Follow the steps below to implement MFA via our MFA API, which uses a mix of front-end and back-end API calls.

Note: If an API call requires an API Secret, it should be called from the back end. Otherwise, the API call can also be used on the front end.

Set up the initial login using one of the following MFA-enabled APIs:

  • MFA Email Login API: To have a Standard Login flow requiring email and password.
  • MFA UserName Login API: Use UserName and Password instead of Email and Password.
  • MFA Phone Login: If your API has been configured for Phone-based Authentication, use this API to authenticate the user via phone.
    After successful authentication, the response includes details for MFA, including Sms OTP status and available questions:
{
  "SecondFactorAuthentication": {
    "SecondFactorAuthenticationToken": "32ba53ff-XXXX-XXX-XXX-XXXXXXXXXXXX",
    "QRCode": "http://chart.googleapis.com/chart?cht=XXXXXXXXXXXXX",
    "ManualEntryCode": "XXXXXXXXXXXXXXXXXXXX",
    "IsAuthenticatorVerified": false
  },
  "access_token": "00000000-0000-0000-0000-000000000000"
}

Note: The QRCode field provides the link to render the QR code for app scan.