Realtime Two Factor Authentication
To learn more about Two Factor Authentication (2FA) in Rocket.Chat, see Two Factor Authentication and REST Two Factor Authentication.
Name | Requires Auth | Permission | Setting |
---|---|---|---|
callWithTwoFactorRequired | Yes | | |
Argument | Example | Required | Description |
---|---|---|---|
code | 56830 | Required | The 2FA code. |
ddpMethod | pinMessage | Required | The initial method for the request you're trying to make. |
method | email | Required | The method of the 2FA, for example, email. |
params | { "_id": "298gMs93982Le9A7pZjo2D2iB", "rid": "64a1f373376181965ab77f54", "msg": "Whats 4*!" } | Required | An array of parameters used for the initial method. |
```json
{
  "msg": "callWithTwoFactorRequired",
  "code": "38290",
  "ddpMethod": "updateMessage",
  "id": "342",
  "method": "email",
  "params": [{
    "_id": "298gMs93982Le9A7pZjo2D2iB",
    "rid": "64a1f373376181965ab77f54",
    "msg": "Whats 4*!"
  }]
}
```
When a request that requires 2FA is made without a 2FA code, it returns a `totp-required` error. The error also details the method of 2FA required (email or authenticator app).
```json
{
  "msg": "result",
  "id": "1",
  "error": {
    "isClientSafe": true,
    "error": "totp-required",
    "reason": "TOTP Required",
    "details": {
      "method": "email",
      "codeGenerated": false,
      "codeCount": 1,
      "codeExpires": [
        "2019-12-31T22:05:22.159Z"
      ],
      "availableMethods": [
        "email"
      ]
    },
    "message": "TOTP Required [totp-required]",
    "errorType": "Meteor.Error"
  }
}
```
- method: The method selected by the server. It is useful to inform the user where to look for the code.
- codeGenerated: Email only. Used to inform if the code was generated or if there are tokens available already.
- codeCount: (optional) Email only. The number of available codes already sent via email.
- codeExpires: (optional) Email only. A list of expiration dates of the tokens.
- availableMethods: The list of available 2FA methods. It is useful in deciding the method to use when making a request.
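
The client-side handling of this error, as an added example that is not Rocket.Chat's own code: it detects `totp-required` in a result frame, counts email codes that are still valid, and wraps the original call in a `callWithTwoFactorRequired` frame shaped like the one shown on this page. The helper names (`totpChallenge`, `unexpiredCodes`, `buildTwoFactorRetry`) and the sample frames are assumptions constructed for illustration.

```javascript
// Constructed sample: the original DDP call and the error frame from this page.
const SAMPLE_CALL = {
  msg: 'method', id: '1', method: 'updateMessage',
  params: [{ _id: '298gMs93982Le9A7pZjo2D2iB', rid: '64a1f373376181965ab77f54', msg: 'Whats 4*!' }],
};
const SAMPLE_ERROR = {
  msg: 'result', id: '1',
  error: {
    error: 'totp-required', reason: 'TOTP Required',
    details: {
      method: 'email', codeGenerated: false, codeCount: 1,
      codeExpires: ['2019-12-31T22:05:22.159Z'], availableMethods: ['email'],
    },
  },
};

// Returns the 2FA details if the frame is a totp-required error, otherwise null.
function totpChallenge(frame) {
  const err = frame && frame.msg === 'result' ? frame.error : undefined;
  if (!err || err.error !== 'totp-required') return null;
  return err.details || {};
}

// Number of emailed codes not yet expired (codeExpires is optional, email only).
function unexpiredCodes(details, now = new Date()) {
  return (details.codeExpires || []).filter((ts) => new Date(ts) > now).length;
}

// Wraps the original call; only a method the server listed in availableMethods is used.
function buildTwoFactorRetry(original, details, code, id) {
  const offered = details.availableMethods || [];
  const method = offered.includes(details.method) ? details.method : offered[0];
  if (!method) throw new Error('server offered no 2FA method');
  // Keep the code a string so leading zeros survive.
  if (typeof code !== 'string' || code.trim() === '') throw new Error('2FA code is required');
  return {
    msg: 'callWithTwoFactorRequired',
    id: String(id),
    code: code.trim(),
    ddpMethod: original.method,
    method,
    params: original.params,
  };
}

const details = totpChallenge(SAMPLE_ERROR);
console.log(JSON.stringify(buildTwoFactorRetry(SAMPLE_CALL, details, '38290', 342), null, 2));
```

If `unexpiredCodes` returns 0 for the email method, the codes already sent have expired and a new one has to be requested before retrying.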
If the user didn't receive the 2FA code, you can request a new code via email by calling the DDP Method `sendEmailCode`, passing the user's email or username. The email or username is required because this Method can be called when the user is not logged in.
- success: array of emails to which the code was sent;
- error-parameter-required: The parameter `emailOrUsername` was not provided;
- error-invalid-user: The user was not found with the provided `emailOrUsername`;

```javascript
Meteor.call('sendEmailCode', emailOrUsername, (error, result) => {});
```
It's possible to enable the email check by calling the Method `2fa:enable-email`. Two factor via email will only work if the user has at least one verified email.
- success: true is returned;
- error-not-authorized if the user is not logged in;

```javascript
Meteor.call('2fa:enable-email', (error, result) => {});
```
To disable the 2FA, call the Method `2fa:disable-email`. This Method requires 2FA to be executed.
- success: true is returned;

```javascript
Meteor.call('2fa:disable-email', (error, result) => {});
```