Realtime Two Factor Authentication
    • Dark
      Light
    • PDF

    Realtime Two Factor Authentication

    • Dark
      Light
    • PDF

    Article summary

    To learn more about Two Factor Authentication(2FA) in Rocket.Chat, see Two Factor Authentication and REST Two Factor Authentication.

    Call a method with 2FA

    Name

    Requires Auth

    callWithTwoFactorRequired

    Yes

    Payload parameters

    Argument

    Example

    Required

    Description

    code

    56830

    Required

    The 2FA code

    ddpMethod

    pinMessage

    Required

    The initial method for the request you're trying to make.

    method

    email

    Required

    The method of the 2FA, for example -email

    params

    { "_id": "298gMs93982Le9A7pZjo2D2iB", "rid": "64a1f373376181965ab77f54", "msg": "Whats 4*!" }

    Required

    An array of parameters used for the initial method;

    Example call

    {
        "msg": "callWithTwoFactorRequired"
        "code": "38290",
        "ddpMethod": "updateMessage",
        "id": "342",
        "method": "email",
        "params": [{
            "_id": "298gMs93982Le9A7pZjo2D2iB",
            "rid": "64a1f373376181965ab77f54",
            "msg": "Whats 4*!"
    }]
            
    }

    If the two factor was not accepted the error totp-invalid will be returned;

    Errors

    When a request that requires 2FA is made without a 2FA code, it returns a TOTP-Require error. The error also details the 2FA method required (email or authenticator app).

    {
      "msg": "result",
      "id": "1",
      "error": {
        "isClientSafe": true,
        "error": "totp-required",
        "reason": "TOTP Required",
        "details": {
          "method": "email",
          "codeGenerated": false,
          "codeCount": 1,
          "codeExpires": [
            "2019-12-31T22:05:22.159Z"
          ],
          "availableMethods": [
            "email"
          ]
        },
        "message": "TOTP Required [totp-required]",
        "errorType": "Meteor.Error"
      }
    }
    • method: The method selected by the server. It is useful to inform the user where to look for the code.

    • codeGenerated: Email only. Used to inform if the code was generated or if there are tokens available already.

    • codeCount: (optional) Email only. The number of available codes already sent via email.

    • codeExpires: (optional) Email only. A list of expiration dates of the tokens.

    • availableMethods: The list of available 2FA methods for Two Factor. It is useful in deciding the method to use when making a request.

    Request a new email code

    If the user didn't receive the 2FA code, you can request to send a new code via email by calling the DDP Method sendEmailCode passing the user's email or username. It's required to pass the email or username because this Method can be called when the user is not logged in.

    Response

    • success: array of emails to where the code was sent;

    • error-parameter-required: The parameter emailOrUsername was not provided;

    • error-invalid-user: The user was not found with the provided emailOrUsername;

    Example

    Meteor.call('sendEmailCode', emailOrUsername, (error, result) => {});

    Enable 2FA via email

    It's possible to enable the email check by calling the method 2fa:enable-email.

    The two factor via email will only work if the user has at least one verified email.

    Result

    • success: true is returned.

    • error-not-authorized if the user is not logged in.

    Example

    Meteor.call('2fa:enable-email', (error, result) => {});

    Disable 2FA via email

    To disable the 2FA, call the method 2fa:disable-email.

    This method requires 2FA to be executed.

    Result

    • success: true is returned.

    • error: A 2FA error is returned.

    Example

    Meteor.call('2fa:disable-email', (error, result) => {});


    Was this article helpful?

    What's Next
    Changing your password will log you out immediately. Use the new password to log back in.
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    ESC

    Eddy AI, facilitating knowledge discovery through conversational intelligence