User:Brad Linden/Login MFA

From Second Life Wiki
Revision as of 11:25, 4 February 2022 by Brad Linden (talk | contribs)
Jump to navigation Jump to search

New Parameters

Any viewer that does not supply these fields will be interpreted as not supporting MFA features

"token"
The user's entered Time based One Time Password (TOTP) token. This should be the empty string for login attempts that are not responding to an MFA challenge.
"mfa_hash"
The saved hash value and timestamp from a previously successfully answered MFA challenge. This should be the empty string initially.


New Returned Fields

"mfa_hash"
The optional hash value and timestamp from a successfully answered MFA challenge. This should be saved in secure storage scoped to the user and current grid similar to how passwords ar be stored. Currently the timestamps expire after 30 days. Subsequent login attempts for the same user and grid combination should fill in this value in the "mfa_hash" parameter of the login request.

New Errors

login failure reason - mfa_challenge
A new failure reason that should be handled by displaying a prompt to enter the TOTP token, and retrying the login request with that value in the "token" parameter.
login failure message - LoginFailedAuthenticationMFARequired
message to be presented to the user when prompting for token, for example:
 To continue logging in, enter a new token from your multifactor authentication app. If you feel this is an error, please contact support@secondlife.com
login failure message - LoginFailedAuthenticationFailedMFA
new login failure request similar to password failure request. when mfa is required this indicates that either the password or TOTP token entered was not correct. For example:
 Sorry! We couldn't log you in.
 Please check to make sure you entered the right
   * Username (like bobsmith12 or steller.sunshine)
   * Password
   * Token
 Also, please make sure your Caps Lock key is off.