Performing Multi-Factor Authentication (MFA)

IBM® Verify API commands are used in the one-time password (OTP) process when MFA is used to acquire an access token.

Email OTP: factor call

Using the indicated allowedFactors, a call is made to the email OTP factors API.

POST https://securitypoc.ice.ibmcloud.com/v2.0/factors/emailotp/504a8fab-95d9-44d4-b4af-6a1c143b6031/verifications
Authorization: Bearer lkXMx3tHQjWSalhNmtWIrloMHQOue1ntchRymytL
{"correlation":""}

These calls are made using the mfa_challenge access token. Enrollment is done out of band as a prerequisite of this flow.

The initiation response is
{
  "id": "d6b3b425-62a3-42e8-bf09-4f15f751c232",
  "userId": "60100041I3",
  "type": "emailotp",
  "created": "2020-07-01T04:00:56.384Z",
  "updated": "2020-07-01T04:00:56.384Z",
  "expiry": "2020-07-01T04:05:56.384Z",
  "state": "PENDING",
  "correlation": "9556",
  "emailAddress": "scott@acme.org"
}

Email OTP: factor completion

POST https://securitypoc.ice.ibmcloud.com/v2.0/factors/emailotp/504a8fab-95d9-44d4-b4af-6a1c143b6031/verifications/d6b3b425-62a3-42e8-bf09-4f15f751c232?returnJwt=true
Authorization: Bearer lkXMx3tHQjWSalhNmtWIrloMHQOue1ntchRymytL

{"otp":"313375"}

The call to the verification endpoint includes the returnJwt parameter.

The factor completion response is
{
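  "assertion": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhbXIiOlsiZW1haWxvdHAiLCJwYXNzd29yZCJdLCJhdWQiOlsiMWE0MzEwZDQtMDExOC00NTExLTkwODItMzk2NjljY2RjYWQ2IiwiaHR0cHM6Ly9zZWN1cml0eXBvYy5pY2UuaWJtY2xvdWQuY29tL3YxLjAvZW5kcG9pbnQvZGVmYXVsdC90b2tlbiJdLCJleHAiOjE1OTM4OTMyMDQsImZhY3RvciI6ImVtYWlsb3RwIiwiZ3JhbnRfaWQiOiJjMTRjNjNjMS02NDMxLTRjOGYtYThmZS1jOTM5YWZmMDE3NDQiLCJpYXQiOjE1OTM4OTI5MDQsImlzcyI6Imh0dHBzOi8vc2VjdXJpdHlwb2MuaWNlLmlibWNsb3VkLmNvbS92Mi4wL2ZhY3RvcnMiLCJqdGkiOiI2MGZhYjdkNi0zZWZhLTQ4NWUtOTQxNi0zNmM2NDgxMWFlNzYiLCJzdWIiOiI2MDQwMDAzT0g4IiwidGVuYW50SWQiOiJzZWN1cml0eXBvYy5pY2UuaWJtY2xvdWQuY29tIn0.J9_Omrs8vlTz9bgGWVI0T4AssoMP0UFNoDZ_4d93NEELq_kE1qoXw0Ao8_1QMyyYPRhtnCxtpF5NrD7s4yIzU-WnOkV2qXHfVX5nZPJnPOdP3YOOfUiA0sBTqxlAWr_lePaZuMjseKXpB0YP9ntOqo9T0woQ9MUY6B1gPrRbnX9Zzx64RzA3GgUD3_IhgghIcwxYuSZEKzf8PejG-oh70jSE5gkPK8JiEbvc2lVP7tQgdTCdbjRFybST5B57RTdU1X85uQ7fjO4ggxLcYljHPBfOkSgwCBnq6BXwcVo8o4w6XPYQgRnjDFyJJTf7EwLMaoEwjDiGO4wHXmATgitMng"
}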

MFA: re-presenting the JWT to /token

POST https://securitypoc.ice.ibmcloud.com/v1.0/endpoint/default/token

client_id=1a4310d4-0118-4511-9082-39669ccdcad6&
client_secret=cmVkYWN0ZWQ&
scope=openid&
grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&
context=eyJzZXNzaW9uSWQiOiAic29tZVNlc3Npb24xMjMiLCAidXNlckFnZW50OiI6ICJzb21lX3VzZXJfYWdlbnQiLCAiaXBBZGRyZXNzIjogIjE5Mi4xNjguMS4xIn0&
assertion=eyJhbGciOiJSUzI1NiIsImtpZCI6InNlcnZlciJ9.eyJhbXIiOlsiZW1haWxvdHAiLCJwYXNzd29yZCJdLCJhdWQiOlsiMWE0MzEwZDQtMDExOC00NTExLTkwODItMzk2NjljY2RjYWQ2IiwiaHR0cHM6Ly9zZWN1cml0eXBvYy5pY2UuaWJtY2xvdWQuY29tL3YxLjAvZW5kcG9pbnQvZGVmYXVsdC90b2tlbiJdLCJleHAiOjE1OTM4OTMyMDQsImZhY3RvciI6ImVtYWlsb3RwIiwiZ3JhbnRfaWQiOiJjMTRjNjNjMS02NDMxLTRjOGYtYThmZS1jOTM5YWZmMDE3NDQiLCJpYXQiOjE1OTM4OTI5MDQsImlzcyI6Imh0dHBzOi8vc2VjdXJpdHlwb2MuaWNlLmlibWNsb3VkLmNvbS92Mi4wL2ZhY3RvcnMiLCJqdGkiOiI2MGZhYjdkNi0zZWZhLTQ4NWUtOTQxNi0zNmM2NDgxMWFlNzYiLCJzdWIiOiI2MDQwMDAzT0g4IiwidGVuYW50SWQiOiJzZWN1cml0eXBvYy5pY2UuaWJtY2xvdWQuY29tIn0.J9_Omrs8vlTz9bgGWVI0T4AssoMP0UFNoDZ_4d93NEELq_kE1qoXw0Ao8_1QMyyYPRhtnCxtpF5NrD7s4yIzU-WnOkV2qXHfVX5nZPJnPOdP3YOOfUiA0sBTqxlAWr_lePaZuMjseKXpB0YP9ntOqo9T0woQ9MUY6B1gPrRbnX9Zzx64RzA3GgUD3_IhgghIcwxYuSZEKzf8PejG-oh70jSE5gkPK8JiEbvc2lVP7tQgdTCdbjRFybST5B57RTdU1X85uQ7fjO4ggxLcYljHPBfOkSgwCBnq6BXwcVo8o4w6XPYQgRnjDFyJJTf7EwLMaoEwjDiGO4wHXmATgitMng

The context parameter is unchanged.

Because MFA is complete and all access policy rules are satisfied, the /token response is
{
  "access_token": "wHl8vG85BD30PQn6xewyp63zmF8zkJFb9Z56Ma6s",
  "refresh_token": "FIsrk6n6QCNEQ2e4e6VNUFUmN9fwzwtauCcTjK26Jlt16mSqvw",
  "scope": "openid",
  "grant_id": "c14c63c1-6431-4c8f-a8fe-c939aff01744",
  "id_token": "ey...",
  "token_type": "Bearer",
  "expires_in": 7199
}
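
The last step of the flow, as an added example that is not IBM's code: a client-side sanity check of the returned assertion followed by form-encoding of the jwt-bearer request to /token. The sample JWT, its claims and the function names are constructed for illustration; the signature is not verified here, since that is done by the server at /token.

```python
import base64, json
from urllib.parse import urlencode

TOKEN_URL = "https://securitypoc.ice.ibmcloud.com/v1.0/endpoint/default/token"  # from the page
CLIENT_ID = "1a4310d4-0118-4511-9082-39669ccdcad6"  # from the page
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwt_claims(jwt: str) -> dict:
    """Decode the payload segment only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def assertion_problems(jwt: str, now: float) -> list:
    """Checks worth doing before the assertion is sent on to /token."""
    c = jwt_claims(jwt)
    aud = c.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    problems = []
    if c.get("exp", 0) <= now:
        problems.append("expired")
    if TOKEN_URL not in aud:
        problems.append("aud does not name the token endpoint")
    if "emailotp" not in c.get("amr", []):
        problems.append("amr lacks emailotp")
    return problems

def token_request_body(assertion: str, context: str, client_secret: str) -> str:
    """Form-encode the grant; context is passed through unchanged."""
    return urlencode({"client_id": CLIENT_ID, "client_secret": client_secret,
                      "scope": "openid", "grant_type": JWT_BEARER,
                      "context": context, "assertion": assertion})

# Constructed sample assertion: claims, times and signature are made up.
SAMPLE_CLAIMS = {"amr": ["emailotp", "password"], "aud": [CLIENT_ID, TOKEN_URL],
                 "iat": 1600000000, "exp": 1600000300}
SAMPLE_JWT = ".".join([b64url(b'{"alg":"RS256"}'),
                       b64url(json.dumps(SAMPLE_CLAIMS).encode()), b64url(b"sig")])

if __name__ == "__main__":
    print(assertion_problems(SAMPLE_JWT, now=1600000100))
    print(token_request_body(SAMPLE_JWT, "constructed-context", "constructed-secret"))
```

The colons in the grant_type URN are percent-encoded on the wire (%3A); the request on this page shows them unencoded for readability.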