POST `/mfa/step-up`

对已登录用户的敏感操作进行二次MFA认证验证，支持TOTP、短信、邮箱三种方式。使用限流保护。参考：NIST SP 800-63B §5.1.7、OWASP ASVS V2.8。

MFA `bearerAuth` application/json

Request Body

Schema: dto.StepUpRequest

Field	Type	Required	Example	Constraints	Description
`code`	`string`	Yes	`123456`
`method`	`string`	Yes	`totp`	enum: `totp`, `sms`, `email`
`user_id`	`string`	Yes	`usr_abc123`

Responses

Status	Description	Schema
200	步进认证结果	`dto.StepUpDetailResponse`
400	参数错误	`gitee_com_linmes_authms_base_dto.SimpleResponse`
401	未认证	`gitee_com_linmes_authms_base_dto.SimpleResponse`
429	请求过于频繁	`gitee_com_linmes_authms_base_dto.SimpleResponse`
500	服务器内部错误	`gitee_com_linmes_authms_base_dto.SimpleResponse`

Referenced Schemas

dto.StepUpDetailResponse

Field	Type	Required	Example	Constraints	Description
`code`	`integer`	No
`data`	`dto.StepUpResponse`	No
`message`	`string`	No
`timestamp`	`string`	No

dto.StepUpResponse

Field	Type	Required	Example	Constraints	Description
`expires_in`	`integer`	No	`300`
`message`	`string`	No	`step-up authentication successful`
`step_up_token`	`string`	No	`eyJ...`
`valid`	`boolean`	No	`True`

gitee_com_linmes_authms_base_dto.SimpleResponse

Field	Type	Required	Example	Constraints	Description
`code`	`integer`	No
`message`	`string`	No
`timestamp`	`string`	No

Try this API in Scalar → Download OpenAPI spec (JSON) ↓

↑