我构建了一个简单的asp.net核心应用程序,除了使用用户名和密码外,还需要对使用MFA的帐户进行身份验证。
我要登录的服务公开了此处描述的身份验证终结点: https://developer.okta.com/docs/reference/api/authn/#request-example-for-primary-authentication-with-public-application
当我提供用户名和密码时,它将返回预期的JSON:
{
"stateToken": "00zQZJ1ZY3Em2401r4T69Dhx35TdF1VTFP5KRTa8ib",
"expiresAt": "2020-05-30T21:11:14.000Z",
"status": "MFA_REQUIRED",
"_embedded": {
"user": {
"id": "00u10vk1torIgBBxxxxx",
"profile": {
"login": "john.doe@email.com",
"firstName": "John",
"lastName": "Doe",
"locale": "en",
"timeZone": "America/Los_Angeles"
}
},
"factors": [{
"id": "ost1g59468dXOddAE0h8",
"factorType": "token:software:totp",
"provider": "OKTA",
"vendorName": "OKTA",
"profile": {
"credentialId": "john.doe@email.com"
},
"_links": {
"verify": {
"href": "https://company.okta.com/api/v1/authn/factors/ost1g59468dXOddxxxxx/verify",
"hints": {
"allow": ["POST"]
}
}
}
}, {
有人知道我也可以在请求中添加2FA使其生效吗?