gws.base.auth.mfa

Generic multi-factor authentication adapter.

Multi-factor authentication (handled in gws.plugin.auth_method.web.core) is used for User objects that provide the attribute mfaUid, which is supposed to be the ID of a configured MFA Adapter.

Specific MFA Adapters can require other attributes.

Multi-factor authentication starts by creating a gws.AuthMultiFactorTransaction object, kept in a session until it is verified or expires.

Some Adapters can be restarted (e.g. by resending a verification email).

Source code: gws.base.auth.mfa

Module Contents

class gws.base.auth.mfa.Config(*args, **kwargs)

Bases: gws.Config

Multi-factor authentication configuration.

lifeTime: gws.Duration | None = 120

How long to wait for the MFA to complete.

maxRestarts: int = 0

Max code regeneration attempts.

maxVerifyAttempts: int = 3

Max verify attempts.

message: str = ''

Message to display in the client.

otp: OtpConfig | None

OTP generation options.

class gws.base.auth.mfa.Object

Bases: gws.AuthMultiFactorAdapter

Multi-factor authentication adapter.

otpOptions: gws.lib.otp.Options

check_restart(mfa)

Check if the transaction can be restarted.

check_state(mfa)

Check if the MFA transaction is valid.

check_totp(mfa: gws.AuthMultiFactorTransaction, input: str) -> bool

configure()

Configuration hook.

current_timestamp()

generate_totp(mfa: gws.AuthMultiFactorTransaction) -> str

restart(mfa)

Restart the transaction.

start(user)

Initialize an MFA transaction for the user.

verify_attempt(mfa, payload_valid: bool)

class gws.base.auth.mfa.OtpConfig

algo: str | None

length: int | None

start: int | None

step: int | None

tolerance: int | None
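The sketch below is an added example, not code from gws: it shows how the limits in Config (lifeTime, maxVerifyAttempts, maxRestarts) and the OtpConfig fields can bound a TOTP-based transaction. The Transaction class and the verify and restart functions are hypothetical stand-ins; it assumes lifeTime is in seconds, start is the RFC 6238 epoch offset, and tolerance counts accepted time steps on either side of the current one.

```python
import hmac
import struct
from dataclasses import dataclass

def totp(secret: bytes, ts: int, start=0, step=30, length=6, algo="sha1") -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter (ts - start) // step."""
    counter = (ts - start) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** length).zfill(length)

@dataclass
class Transaction:  # hypothetical stand-in, not gws.AuthMultiFactorTransaction
    secret: bytes
    started: int
    life_time: int = 120          # page default for lifeTime (assumed seconds)
    max_verify_attempts: int = 3  # page default for maxVerifyAttempts
    max_restarts: int = 0         # page default for maxRestarts
    attempts: int = 0
    restarts: int = 0
    state: str = "open"           # open | ok | failed

def verify(tx, user_input, now, step=30, tolerance=1):
    """Check state and lifetime, count the attempt, compare in constant time."""
    if tx.state != "open":
        return False  # finished transactions are never re-evaluated
    if now - tx.started > tx.life_time:
        tx.state = "failed"
        return False
    tx.attempts += 1
    for drift in range(-tolerance, tolerance + 1):
        expected = totp(tx.secret, now + drift * step, step=step)
        if hmac.compare_digest(expected.encode(), user_input.encode()):
            tx.state = "ok"
            return True
    if tx.attempts >= tx.max_verify_attempts:
        tx.state = "failed"  # lock out once the attempt budget is spent
    return False

def restart(tx, now):
    """Restart (e.g. resend a code) only while the restart budget allows it."""
    if tx.state != "open" or tx.restarts >= tx.max_restarts:
        return False
    tx.restarts += 1
    tx.attempts, tx.started = 0, now
    return True
```

Counting the attempt before comparing, and refusing any transaction that is no longer open, means a correct code submitted after lockout or expiry is still rejected.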