- Print
- DarkLight
- PDF
Realtime Two Factor Authentication
- Print
- DarkLight
- PDF
To learn more about Two Factor Authentication(2FA) in Rocket.Chat, see Two Factor Authentication and REST Two Factor Authentication.
Call a method with 2FA
Name | Requires Auth |
---|---|
| Yes |
Payload parameters
Argument | Example | Required | Description |
---|---|---|---|
code |
| Required | The 2FA code |
ddpMethod |
| Required | The initial method for the request you're trying to make. |
method |
| Required | The method of the 2FA, for example -email |
params |
| Required | An array of parameters used for the initial method; |
Example call
{
"msg": "callWithTwoFactorRequired"
"code": "38290",
"ddpMethod": "updateMessage",
"id": "342",
"method": "email",
"params": [{
"_id": "298gMs93982Le9A7pZjo2D2iB",
"rid": "64a1f373376181965ab77f54",
"msg": "Whats 4*!"
}]
}
If the two factor was not accepted the error
totp-invalid
will be returned;
Errors
When a request that requires 2FA is made without a 2FA code, it returns a TOTP-Require error. The error also details the 2FA method required (email or authenticator app).
{
"msg": "result",
"id": "1",
"error": {
"isClientSafe": true,
"error": "totp-required",
"reason": "TOTP Required",
"details": {
"method": "email",
"codeGenerated": false,
"codeCount": 1,
"codeExpires": [
"2019-12-31T22:05:22.159Z"
],
"availableMethods": [
"email"
]
},
"message": "TOTP Required [totp-required]",
"errorType": "Meteor.Error"
}
}
method: The method selected by the server. It is useful to inform the user where to look for the code.
codeGenerated: Email only. Used to inform if the code was generated or if there are tokens available already.
codeCount: (optional) Email only. The number of available codes already sent via email.
codeExpires: (optional) Email only. A list of expiration dates of the tokens.
availableMethods: The list of available 2FA methods for Two Factor. It is useful in deciding the method to use when making a request.
Request a new email code
If the user didn't receive the 2FA code, you can request to send a new code via email by calling the DDP Method sendEmailCode
passing the user's email or username. It's required to pass the email or username because this Method can be called when the user is not logged in.
Response
success: array of emails to where the code was sent;
error-parameter-required: The parameter
emailOrUsername
was not provided;error-invalid-user: The user was not found with the provided
emailOrUsername
;
Example
Meteor.call('sendEmailCode', emailOrUsername, (error, result) => {});
Enable 2FA via email
It's possible to enable the email check by calling the method 2fa:enable-email
.
The two factor via email will only work if the user has at least one verified email.
Result
success: true is returned.
error-not-authorized if the user is not logged in.
Example
Meteor.call('2fa:enable-email', (error, result) => {});
Disable 2FA via email
To disable the 2FA, call the method 2fa:disable-email
.
This method requires 2FA to be executed.
Result
success: true is returned.
error: A 2FA error is returned.
Example
Meteor.call('2fa:disable-email', (error, result) => {});