/auth/mfa/verify-challenge
Completes multi-factor authentication using the challenge_token and an MFA verification code (TOTP/SMS/Email/Push). On success the real JWT tokens are returned and replace the temporary challenge token. References: RFC 6238 (TOTP), RFC 4226 (HOTP), NIST SP 800-63B §5.1, OWASP ASVS V2.8.
Request Body
Schema: dto.VerifyMFAChallengeRequest
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| challenge_token | string | Yes | | | Short-lived challenge token returned by the login step |
| code | string | Yes | | | MFA verification code (for push, the challenge_id) |
| mfa_method | string | No | | | totp/sms/email/push; default totp; for push, code is the challenge_id |
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | MFA verification succeeded; real JWT tokens are returned | dto.LoginResponse |
| 400 | Challenge token invalid or verification code incorrect | gitee_com_linmes_authms_base_dto.SimpleResponse |
| 500 | MFA service unavailable or internal server error | gitee_com_linmes_authms_base_dto.SimpleResponse |
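As an added example (not code from the authms project), the following Go program shows both halves of this endpoint's contract: a client that derives an RFC 6238 TOTP code (HMAC-SHA1, 30-second step, as in RFC 4226 §5.3 and RFC 6238 §4) and serialises it into the request body documented above, and a minimal verifier of the kind the server must run behind a 400 response: a ±1 step drift window, constant-time comparison, and refusal to accept a time step at or below the last accepted one so a code cannot be replayed. The struct names, JSON tags, the 6-digit length, the `example-challenge-token` value and the `Verifier` design are assumptions; the secret is the RFC 4226/6238 test secret.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"encoding/json"
	"fmt"
	"time"
)

// VerifyMFAChallengeRequest mirrors the request schema documented above
// (dto.VerifyMFAChallengeRequest); the Go field names and tags are assumed.
type VerifyMFAChallengeRequest struct {
	ChallengeToken string `json:"challenge_token"`
	Code           string `json:"code"`
	MFAMethod      string `json:"mfa_method,omitempty"` // totp/sms/email/push; omitted means totp
}

// LoginResponse is the subset of dto.LoginResponse a client needs after a challenge.
type LoginResponse struct {
	AccessToken    string `json:"access_token"`
	RefreshToken   string `json:"refresh_token"`
	TokenType      string `json:"token_type"`
	ExpiresIn      int    `json:"expires_in"`
	ChallengeToken string `json:"challenge_token"`
	RequiresMFA    bool   `json:"requires_mfa"`
}

// HOTP implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
// dynamic truncation to a 31-bit integer, then reduction modulo 10^digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	truncated := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, truncated%mod)
}

// TOTP implements RFC 6238 with T0 = 0 and a 30-second time step.
func TOTP(secret []byte, at time.Time, digits int) string {
	return HOTP(secret, uint64(at.Unix()/30), digits)
}

// Verifier is an assumed server-side TOTP check: it accepts the current step and one
// step either side for clock drift, compares in constant time, and never accepts a step
// at or below the last one it accepted, so an already-used code cannot be replayed.
type Verifier struct {
	secret   []byte
	digits   int
	lastStep int64
}

func NewVerifier(secret []byte, digits int) *Verifier {
	return &Verifier{secret: secret, digits: digits, lastStep: -1}
}

func (v *Verifier) Verify(code string, now time.Time) bool {
	current := now.Unix() / 30
	for delta := int64(-1); delta <= 1; delta++ {
		step := current + delta
		if step <= v.lastStep { // already consumed, or older than a consumed code
			continue
		}
		expected := HOTP(v.secret, uint64(step), v.digits)
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			v.lastStep = step
			return true
		}
	}
	return false
}

// BuildRequest produces the JSON body for /auth/mfa/verify-challenge.
func BuildRequest(challengeToken, code, method string) (string, error) {
	b, err := json.Marshal(VerifyMFAChallengeRequest{ChallengeToken: challengeToken, Code: code, MFAMethod: method})
	return string(b), err
}

// ParseResponse decodes a 200 body and reports whether a real access token was issued
// (a body that still carries requires_mfa=true is a challenge, not a session).
func ParseResponse(body string) (LoginResponse, bool, error) {
	var r LoginResponse
	err := json.Unmarshal([]byte(body), &r)
	return r, err == nil && r.AccessToken != "" && !r.RequiresMFA, err
}

func main() {
	// Constructed inputs: the RFC 4226/6238 test secret and a made-up challenge token.
	secret := []byte("12345678901234567890")
	now := time.Unix(59, 0)
	code := TOTP(secret, now, 6)
	body, _ := BuildRequest("example-challenge-token", code, "totp")
	fmt.Println(body)
	v := NewVerifier(secret, 6)
	fmt.Println(v.Verify(code, now), v.Verify(code, now)) // second call is a replay
}
```

The drift window is what lets a code from the previous 30-second step pass; the `lastStep` guard is what stops the same code from being accepted twice, and in a real deployment that state must live with the user record (or the challenge token) rather than in process memory, or the guard is lost across instances.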
Referenced Schemas
dto.LoginResponse
User login result
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| access_token | string | No | | | Access token |
| challenge_token | string | No | | | MFA challenge token (short-lived, requires MFA verification) |
| expires_in | integer | No | | | Expiration time |
| mfa_check_reason | string | No | | | Description of why MFA was triggered |
| must_change_password | boolean | No | | | Password must be changed |
| password_expires_in | integer | No | | | Days until password expires |
| password_warning | string | No | | | Password warning: expiring/expired_grace/expired |
| refresh_token | string | No | | | Refresh token |
| required_mfa_methods | array of string | No | | | List of recommended MFA methods |
| requires_mfa | boolean | No | | | Adaptive MFA: additional MFA verification required |
| risk_assessment | object | No | | | Risk assessment (see dto.RiskAssessmentInfo below) |
| risk_level | string | No | | | Risk level: low/medium/high |
| token_type | string | No | | | Token type |
| user | object | No | | | User info (see dto.UserInfo below) |
dto.RiskAssessmentInfo
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| level | string | No | | | |
| recommended_mfa_methods | array of string | No | | | |
| require_mfa | boolean | No | | | |
| score | integer | No | | | |
dto.UserInfo
Basic user information
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| created_at | string | No | | | Account creation time |
| email | string | No | | | |
| id | string | No | | | User ID |
| must_change_password | boolean | No | | | Password must be changed |
| password_expires_in | integer | No | | | Days until password expires |
| password_warning | string | No | | | Password warning: expiring/expired_grace/expired |
| phone | string | No | | | Phone |
| status | string | No | | | Status |
| username | string | No | | | Username |
gitee_com_linmes_authms_base_dto.SimpleResponse
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| code | integer | No | | | |
| message | string | No | | | |
| timestamp | string | No | | | |