MFA — Aquilia Documentation
Comprehensive guide and documentation for MFA in the Aquilia framework. View API reference, examples, and implementation patterns.
Security & Auth Multi-Factor Authentication AquilAuth provides a complete MFA system with TOTPProvider (Google Authenticator compatible), WebAuthnProvider (FIDO2 / passkeys), backup recovery codes, and a unified MFAManager. Supported Methods , , , , ].map((m, i) => ( ))} MFACredential Model from aquilia.auth.core import MFACredential, CredentialStatus cred = MFACredential( identity_id="user_42", mfa_type="totp", # totp | webauthn | sms | email mfa_secret="JBSWY3DPEHPK3PXP", # Base32 TOTP secret backup_codes=["hash1", "hash2"], # SHA-256 hashed backup codes webauthn_credentials=[], # FIDO2 public key objects phone_number=None, # For SMS OTP email=None, # For email OTP status=CredentialStatus.ACTIVE, ) TOTP Provider from aquilia.auth.mfa import TOTPProvider totp = TOTPProvider( issuer="Aquilia", # Shown in authenticator app digits=6, # Code length (default 6) period=30, # Seconds per code (default 30) algorithm="SHA1", # SHA1 | SHA256 | SHA512 ) Backup Recovery Codes # Generate 10 backup codes (format: XXXX-XXXX-XXXX) codes = totp.generate_backup_codes(count=10) WebAuthn / FIDO2 from aquilia.auth.mfa import WebAuthnProvider webauthn = WebAuthnProvider( rp_id="myapp.com", # Relying Party ID (domain) rp_name="My Application", # Display name origin="https://myapp.com", # Expected origin ) MFAManager The MFAManager coordinates all MFA providers and handles enrollment and verification workflows. from aquilia.auth.mfa import MFAManager, TOTPProvider, WebAuthnProvider mfa = MFAManager( totp_provider=TOTPProvider(issuer="MyApp"), webauthn_provider=WebAuthnProvider( rp_id="myapp.com", rp_name="My App", origin="https://myapp.com", ), ) MFA + Password Authentication When MFA is enrolled, AuthManager.authenticate_password() raises AUTH_MFA_REQUIRED instead of returning tokens. from aquilia.auth import AuthManager, AUTH_MFA_REQUIRED try: result = await auth.authenticate_password( username="alice@example.com", password="SuperSecret!23", ) except AUTH_MFA_REQUIRED as e: # MFA enrolled — verify code separately pass MFA Faults Fault Code Description ))} )
Go to Homepage