Method: accounts.mfaSignIn.finalize

Verifies the MFA challenge and performs sign-in

HTTP request

POST https://identitytoolkit.googleapis.com/v2/accounts/mfaSignIn:finalize

The URL uses gRPC Transcoding syntax.

Request body

The request body contains data with the following structure:

JSON representation
{
  "mfaPendingCredential": string,
  "tenantId": string,
  "mfaEnrollmentId": string,

  // Union field verification_info can be only one of the following:
  "phoneVerificationInfo": {
    object (FinalizeMfaPhoneRequestInfo)
  },
  "totpVerificationInfo": {
    object (MfaTotpSignInRequestInfo)
  }
  // End of list of possible types for union field verification_info.
}
Fields
mfaPendingCredential

string

Required. Pending credential from first factor sign-in.

tenantId

string

The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform project.

mfaEnrollmentId

string

The MFA enrollment ID from the user's list of current MFA enrollments.

Union field verification_info. Proof of completion of the MFA challenge. verification_info can be only one of the following:
phoneVerificationInfo

object (FinalizeMfaPhoneRequestInfo)

Proof of completion of the SMS based MFA challenge.

totpVerificationInfo

object (MfaTotpSignInRequestInfo)

Proof of completion of the TOTP based MFA challenge.

Response body

mfaSignIn.finalize response.

If successful, the response body contains data with the following structure:

JSON representation
{
  "idToken": string,
  "refreshToken": string,

  // Union field auxiliary_auth_info can be only one of the following:
  "phoneAuthInfo": {
    object (FinalizeMfaPhoneResponseInfo)
  }
  // End of list of possible types for union field auxiliary_auth_info.
}
Fields
idToken

string

ID token for the authenticated user.

refreshToken

string

Refresh token for the authenticated user.

Union field auxiliary_auth_info. MFA verified sign-in information. auxiliary_auth_info can be only one of the following:
phoneAuthInfo

object (FinalizeMfaPhoneResponseInfo)

Extra phone auth info, including android verification proof.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

MfaTotpSignInRequestInfo

TOTP verification info for FinalizeMfaSignInRequest.

JSON representation
{
  "verificationCode": string
}
Fields
verificationCode

string

User-entered verification code.