IMFAFirstEnabledHook
Hook interface for executing actions when user enables their first MFA device.
Overview
The IMFAFirstEnabledHook interface enables reactions to first-time MFA enrollment, useful for congratulations emails and security milestone tracking.
The hook is non-blocking - errors are logged but do not affect the MFA enrollment operation.
Interface
interface IMFAFirstEnabledHook {
execute(metadata: MFAFirstEnabledMetadata): Promise<void>;
}
Metadata
MFAFirstEnabledMetadata
interface MFAFirstEnabledMetadata {
user: IUser;
firstMethod: MFADeviceMethod;
deviceName?: string;
enforcedAt: Date;
clientInfo?: ClientInfo;
}
| Property | Type | Description |
|---|---|---|
user | IUser | User who enabled first MFA device |
firstMethod | MFADeviceMethod | Type of first MFA device |
deviceName | string | Device name (user-provided label) |
enforcedAt | Date | When MFA was first enforced |
clientInfo | ClientInfo | IP, user agent, location |
When Hook Fires
- User enables first MFA device via
enableMFAForUser()whenisFirstDevice = true
Example
import { IMFAFirstEnabledHook, MFAFirstEnabledMetadata } from '@nauth-toolkit/core';
export class MFAFirstEnabledConfirmationHook implements IMFAFirstEnabledHook {
async execute(metadata: MFAFirstEnabledMetadata): Promise<void> {
await this.emailService.sendMFAEnabledCongratulationsEmail({
to: metadata.user.email,
method: metadata.firstMethod,
});
}
}
Related
- HookRegistryService - Hook registration
- @MFAFirstEnabledHook() - NestJS decorator
- MFADeviceMethod - MFA method enum
- Lifecycle Hooks Guide - Complete hooks overview