Difference between revisions of "User:Brad Linden/Login MFA"
Jump to navigation
Jump to search
Brad Linden (talk | contribs) |
Brad Linden (talk | contribs) |
||
| Line 19: | Line 19: | ||
: message to be presented to the user when prompting for token, for example: | : message to be presented to the user when prompting for token, for example: | ||
To continue logging in, enter a new token from your multifactor authentication app. If you feel this is an error, please contact support@secondlife.com | To continue logging in, enter a new token from your multifactor authentication app. If you feel this is an error, please contact support@secondlife.com | ||
; login failure message - | ; updated login failure message - LoginFailedAuthenticationFailed | ||
: new login failure request similar to password failure request. when mfa is required this indicates that either the password or TOTP token entered was not correct. For example: | : new login failure request similar to password failure request. when mfa is required this indicates that either the password or TOTP token entered was not correct. For example: | ||
Sorry! We couldn't log you in. | Sorry! We couldn't log you in. | ||
| Line 25: | Line 25: | ||
* Username (like bobsmith12 or steller.sunshine) | * Username (like bobsmith12 or steller.sunshine) | ||
* Password | * Password | ||
* Token | * Second Factor Token (if enabled) | ||
Also, please make sure your Caps Lock key is off. | Also, please make sure your Caps Lock key is off. | ||
Revision as of 12:23, 16 February 2022
New Parameters
Any viewer that does not supply these fields in its login requests will be interpreted as not supporting MFA features
- "token"
- The user's entered Time based One Time Password (TOTP) token. This should be the empty string for login attempts that are not responding to an MFA challenge.
- "mfa_hash"
- The saved hash value and timestamp from a previously successfully answered MFA challenge. This should be the empty string initially.
New Returned Fields
- "mfa_hash"
- The optional hash value and timestamp from a successfully answered MFA challenge. This should be saved in secure storage scoped to the user and current grid similar to how saved passwords are stored. Currently the timestamps expire after 30 days. Subsequent login attempts for the same user and grid combination should fill in this value in the "mfa_hash" parameter of the login request.
New Errors
- login failure reason - mfa_challenge
- A new failure reason that should be handled by displaying a prompt to enter the TOTP token, and retrying the login request with that value in the "token" parameter.
- login failure message - LoginFailedAuthenticationMFARequired
- message to be presented to the user when prompting for token, for example:
To continue logging in, enter a new token from your multifactor authentication app. If you feel this is an error, please contact support@secondlife.com
- updated login failure message - LoginFailedAuthenticationFailed
- new login failure request similar to password failure request. when mfa is required this indicates that either the password or TOTP token entered was not correct. For example:
Sorry! We couldn't log you in. Please check to make sure you entered the right * Username (like bobsmith12 or steller.sunshine) * Password * Second Factor Token (if enabled) Also, please make sure your Caps Lock key is off.