- HTTP request
- Request body
- Response body
- Authorization scopes
- StartMfaTotpEnrollmentRequestInfo
- StartMfaTotpEnrollmentResponseInfo
- Try it!
Step one of the MFA enrollment process. In SMS case, this sends an SMS verification code to the user.
HTTP request
POST https://identitytoolkit.googleapis.com/v2/accounts/mfaEnrollment:start
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "idToken": string, "tenantId": string, // Union field |
Fields | |
---|---|
idToken |
Required. User's ID token. |
tenantId |
The ID of the Identity Platform tenant that the user enrolling MFA belongs to. If not set, the user belongs to the default Identity Platform project. |
Union field enrollment_info . MFA information by type of 2nd factor. enrollment_info can be only one of the following: |
|
phoneEnrollmentInfo |
Verification info to authorize sending an SMS for phone verification. |
totpEnrollmentInfo |
Sign-in info specific to TOTP auth. |
Response body
If successful, the response body contains data with the following structure:
mfaEnrollment.start response.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field enrollment_response . MFA start enrollment response by 2nd factor type. enrollment_response can be only one of the following: |
|
phoneSessionInfo |
Verification info to authorize sending an SMS for phone verification. |
totpSessionInfo |
Enrollment response info specific to TOTP auth. |
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/identitytoolkit
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
StartMfaTotpEnrollmentRequestInfo
Mfa request info specific to TOTP auth for StartMfa.
StartMfaTotpEnrollmentResponseInfo
Mfa response info specific to TOTP auth for StartMfa.
JSON representation |
---|
{ "sharedSecretKey": string, "verificationCodeLength": integer, "hashingAlgorithm": string, "periodSec": integer, "sessionInfo": string, "finalizeEnrollmentTime": string } |
Fields | |
---|---|
sharedSecretKey |
A base 32 encoded string that represents the shared TOTP secret. The base 32 encoding is the one specified by RFC4648#section-6. (This is the same as the base 32 encoding from RFC3548#section-5.) |
verificationCodeLength |
The length of the verification code that needs to be generated. |
hashingAlgorithm |
The hashing algorithm used to generate the verification code. |
periodSec |
Duration in seconds at which the verification code will change. |
sessionInfo |
An encoded string that represents the enrollment session. |
finalizeEnrollmentTime |
The time by which the enrollment must finish. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |