MFAMethod

Package: @nauth-toolkit/client Type: Type Alias

Supported multi-factor authentication methods.

import { MFAMethod, MFADeviceMethod } from '@nauth-toolkit/client';

Types

MFAMethod

All supported MFA methods, including backup codes:

type MFAMethod = 'sms' | 'email' | 'totp' | 'passkey' | 'backup';

Value	Description	Use Case
`'sms'`	SMS verification code	Code sent via SMS to user's phone
`'email'`	Email verification code	Code sent to user's email
`'totp'`	Time-based One-Time Password (authenticator app)	Generated by authenticator apps (Google, Authy, etc.)
`'passkey'`	WebAuthn/FIDO2 passkey	Biometric or hardware key authentication
`'backup'`	Backup recovery codes (not a device method)	Single-use codes for account recovery

MFADeviceMethod

Device MFA methods only (excludes 'backup'). Used for:

Preferred method selection
Device setup
Configured methods list

type MFADeviceMethod = 'sms' | 'email' | 'totp' | 'passkey';

Value	Description	Configuration
`'sms'`	SMS verification code	Requires phone number verification
`'email'`	Email verification code	Requires email verification
`'totp'`	Time-based One-Time Password (authenticator app)	Requires secret setup and QR code scan
`'passkey'`	WebAuthn/FIDO2 passkey	Requires WebAuthn credential registration

Method-Specific Parameters

MFA_REQUIRED Challenge

When challengeName === 'MFA_REQUIRED', the challengeParameters include:

{
  preferredMethod?: 'sms' | 'email' | 'totp' | 'passkey';
  availableMethods?: string[];  // All methods user can use
  maskedPhone?: string;         // For SMS: "***-***-1234"
  maskedEmail?: string;         // For Email: "u***r@example.com"
}

MFA_SETUP_REQUIRED Challenge

When challengeName === 'MFA_SETUP_REQUIRED', the challengeParameters include:

{
  allowedMethods?: string[];  // Methods available for setup
}

See AuthResponse.challengeParameters for complete structure.

Example

import { MFAMethod, MFADeviceMethod } from '@nauth-toolkit/client';

// Device method (for setup)
const deviceMethod: MFADeviceMethod = 'totp';
await client.setupMfaDevice(deviceMethod);

// All methods (includes backup for verification)
const allMethods: MFAMethod[] = ['totp', 'sms', 'backup'];

// Handling MFA_REQUIRED challenge
const response = await client.login(email, password);
if (response.challengeName === 'MFA_REQUIRED') {
  const preferredMethod = response.challengeParameters?.preferredMethod;

  if (preferredMethod === 'passkey') {
    // Use WebAuthn API
    const options = await client.getChallengeData(response.session!, 'passkey');
    const credential = await navigator.credentials.get({ publicKey: options });
    await client.respondToChallenge({
      session: response.session!,
      type: 'MFA_REQUIRED',
      method: 'passkey',
      credential,
    });
  } else {
    // Show code input for sms/email/totp/backup
    await client.respondToChallenge({
      session: response.session!,
      type: 'MFA_REQUIRED',
      method: preferredMethod!,
      code: userCode,
    });
  }
}

MFAStatus - Uses MFADeviceMethod for methods and preferredMethod, MFAMethod for availableMethods
ChallengeResponse - Uses MFAMethod in method property
GetSetupDataResponse - Setup data for MFADeviceMethod
GetChallengeDataResponse - Challenge data for MFAMethod

Used By

MFAStatus - methods and preferredMethod use MFADeviceMethod, availableMethods uses MFAMethod
ChallengeResponse - method property uses MFAMethod values
NAuthClient.getSetupData() - Accepts MFADeviceMethod parameter
NAuthClient.getChallengeData() - Accepts MFAMethod parameter
NAuthClient.setupMfaDevice() - Accepts MFADeviceMethod parameter
MFA Setup Guide - Complete MFA setup guide

Types​

MFADeviceMethod​

Method-Specific Parameters​

MFA_REQUIRED Challenge​

MFA_SETUP_REQUIRED Challenge​

Example​

Related Types​

Used By​