- HTTP request
- Request body
- Response body
- Authorization scopes
- StartMfaTotpEnrollmentRequestInfo
- StartMfaTotpEnrollmentResponseInfo
- Try it!
Step one of the MFA enrollment process. In SMS case, this sends an SMS verification code to the user.
HTTP request
POST https://identitytoolkit.googleapis.com/v2/accounts/mfaEnrollment:start
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "idToken": string, "tenantId": string, // Union field |
Fields | |
---|---|
idToken |
Required. User's ID token. |
tenantId |
The ID of the Identity Platform tenant that the user enrolling MFA belongs to. If not set, the user belongs to the default Identity Platform project. |
Union field enrollment_info . MFA information by type of 2nd factor. enrollment_info can be only one of the following: |
|
phoneEnrollmentInfo |
Verification info to authorize sending an SMS for phone verification. |
totpEnrollmentInfo |
Sign-in info specific to TOTP auth. |
Response body
mfaEnrollment.start response.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field enrollment_response . MFA start enrollment response by 2nd factor type. enrollment_response can be only one of the following: |
|
phoneSessionInfo |
Verification info to authorize sending an SMS for phone verification. |
totpSessionInfo |
Enrollment response info specific to TOTP auth. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
StartMfaTotpEnrollmentRequestInfo
This type has no fields.
Mfa request info specific to TOTP auth for StartMfa.
StartMfaTotpEnrollmentResponseInfo
Mfa response info specific to TOTP auth for StartMfa.
JSON representation |
---|
{ "sharedSecretKey": string, "verificationCodeLength": integer, "hashingAlgorithm": string, "periodSec": integer, "sessionInfo": string, "finalizeEnrollmentTime": string } |
Fields | |
---|---|
sharedSecretKey |
A base 32 encoded string that represents the shared TOTP secret. The base 32 encoding is the one specified by RFC4648#section-6. (This is the same as the base 32 encoding from RFC3548#section-5.) |
verificationCodeLength |
The length of the verification code that needs to be generated. |
hashingAlgorithm |
The hashing algorithm used to generate the verification code. |
periodSec |
Duration in seconds at which the verification code will change. |
sessionInfo |
An encoded string that represents the enrollment session. |
finalizeEnrollmentTime |
The time by which the enrollment must finish. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |