POST `/mfa/push/challenge`

创建Push MFA挑战，通过notification-service推送批准请求到用户设备，包含 Number Matching 防钓鱼保护。参考：NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance)、OWASP ASVS V2.8。

MFA `bearerAuth` application/json

Request Body

Schema: dto.PushChallengeRequest

Field	Type	Required	Example	Constraints	Description
`device_id`	`string`	No	`dev-001`
`login_context`	`string`	No	`login from Beijing`

Responses

Status	Description	Schema
201	挑战创建成功	`dto.PushChallengeDetailResponse`
400	参数错误	`gitee_com_linmes_authms_base_dto.SimpleResponse`
401	未认证	`gitee_com_linmes_authms_base_dto.SimpleResponse`
404	设备未找到	`gitee_com_linmes_authms_base_dto.SimpleResponse`
429	请求过于频繁	`gitee_com_linmes_authms_base_dto.SimpleResponse`
500	服务器内部错误	`gitee_com_linmes_authms_base_dto.SimpleResponse`

Referenced Schemas

dto.PushChallengeDetailResponse

Field	Type	Required	Example	Constraints	Description
`code`	`integer`	No
`data`	`dto.PushChallengeResponse`	No
`message`	`string`	No
`timestamp`	`string`	No

dto.PushChallengeResponse

Field	Type	Required	Example	Constraints	Description
`challenge_id`	`string`	No	`chal-abc123`
`created_at`	`string`	No	`2026-05-12T12:00:00Z`
`expires_in`	`integer`	No	`120`
`login_context`	`string`	No	`login from Beijing`
`number_matching`	`string`	No	`42`
`status`	`string`	No	`pending`
`user_id`	`string`	No	`user-001`

gitee_com_linmes_authms_base_dto.SimpleResponse

Field	Type	Required	Example	Constraints	Description
`code`	`integer`	No
`message`	`string`	No
`timestamp`	`string`	No

Try this API in Scalar → Download OpenAPI spec (JSON) ↓

↑