:tocdepth: 3 :py:mod:`gws.base.auth.mfa` =========================== .. py:module:: gws.base.auth.mfa .. autoapi-nested-parse:: Generic multi-factor authentication adapter. Multi-factor authentication (handled in ``gws.plugin.auth_method.web.core`) is used for ``User`` object that provide the attribute ``mfaUid``, which is supposed to be an ID of a configured MFA Adapter. Specific MFA Adapters can require other attributes. Multi-factor authentication starts by creating a `gws.AuthMultiFactorTransaction` object, kept in a session until it is verified or expires. Some Adapters can be restarted (e.g. by resending a verification email). **Source code:** :source:`gws.base.auth.mfa` Module Contents --------------- .. py:class:: Config(*args, **kwargs) Bases: :py:obj:`gws.Config` Multi-factor authorization configuration. .. py:attribute:: lifeTime :type: Optional[gws.Duration] :value: '120' How long to wait for the MFA to complete. .. py:attribute:: maxRestarts :type: int :value: 0 Max code regeneration attempts. .. py:attribute:: maxVerifyAttempts :type: int :value: 3 Max verify attempts. .. py:attribute:: message :type: str :value: '' Message to display in the client. .. py:attribute:: otp :type: Optional[OtpConfig] OTP generation options .. py:class:: Object Bases: :py:obj:`gws.AuthMultiFactorAdapter` Multi-factor authentication adapter. .. py:attribute:: otpOptions :type: gws.lib.otp.Options .. py:method:: check_restart(mfa) Check if the transaction can be restarted. .. py:method:: check_state(mfa) Check if the MFA transaction is valid. .. py:method:: check_totp(mfa: gws.AuthMultiFactorTransaction, input: str) -> bool .. py:method:: configure() Configuration hook. .. py:method:: current_timestamp() .. py:method:: generate_totp(mfa: gws.AuthMultiFactorTransaction) -> str .. py:method:: restart(mfa) Restart the transaction. .. py:method:: start(user) Initialize an MFA transaction for the user. .. py:method:: verify_attempt(mfa, payload_valid: bool) .. py:class:: OtpConfig OTP generation options. .. py:attribute:: algo :type: Optional[str] Hash algorithm for OTP generation. .. py:attribute:: length :type: Optional[int] Length of the OTP code. .. py:attribute:: start :type: Optional[int] Start time for TOTP. .. py:attribute:: step :type: Optional[int] Step time for TOTP. .. py:attribute:: tolerance :type: Optional[int] Tolerance window for TOTP verification.