sign-in flow for totp

common/api-review/auth.api.md

@@ -765,18 +765,22 @@ export interface TotpMultiFactorInfo extends MultiFactorInfo {
 
 // @public
 export class TotpSecret {
+    // (undocumented)
     readonly codeIntervalSeconds: number;
+    // (undocumented)
     readonly codeLength: number;
     // Warning: (ae-forgotten-export) The symbol "StartTotpMfaEnrollmentResponse" needs to be exported by the entry point index.d.ts
     //
     // @internal (undocumented)
     static _fromStartTotpMfaEnrollmentResponse(response: StartTotpMfaEnrollmentResponse, auth: AuthInternal): TotpSecret;
     generateQrCodeUrl(accountName?: string, issuer?: string): string;
+    // (undocumented)
     readonly hashingAlgorithm: string;
     // Warning: (ae-forgotten-export) The symbol "TotpVerificationInfo" needs to be exported by the entry point index.d.ts
     //
     // @internal (undocumented)
     _makeTotpVerificationInfo(otp: string): TotpVerificationInfo;
+    // (undocumented)
     readonly secretKey: string;
     }
 

packages/auth/src/api/authentication/mfa.ts

@@ -23,7 +23,7 @@ import {
 } from '../index';
 import { Auth } from '../../model/public_types';
 import { IdTokenResponse } from '../../model/id_token';
-import { MfaEnrollment } from '../account_management/mfa';
+import { MfaEnrollment, TotpVerificationInfo } from '../account_management/mfa';
 import { SignInWithIdpResponse } from './idp';
 import {
   SignInWithPhoneNumberRequest,
@@ -51,13 +51,28 @@ export interface StartPhoneMfaSignInRequest {
   };
   tenantId?: string;
 }
+export interface StartTotpMfaSignInRequest {
+  mfaPendingCredential: string;
+  mfaEnrollmentId: string;
+  TotpSignInInfo: {
+    verificationCode: string;
+  };
+  tenantId?: string;
+}
+
 
 export interface StartPhoneMfaSignInResponse {
   phoneResponseInfo: {
     sessionInfo: string;
   };
 }
 
+export interface StartTotpMfaSignInResponse {
+  TotpSignInInfo: {
+    verificationCode: string;
+  };
+}
+
 export function startSignInPhoneMfa(
   auth: Auth,
   request: StartPhoneMfaSignInRequest
@@ -73,14 +88,38 @@ export function startSignInPhoneMfa(
   );
 }
 
+export function startSignInTotpMfa(
+  auth: Auth,
+  request: StartTotpMfaSignInRequest
+): Promise<StartTotpMfaSignInResponse> {
+  return _performApiRequest<
+    StartTotpMfaSignInRequest,
+    StartTotpMfaSignInResponse
+  >(
+    auth,
+    HttpMethod.POST,
+    Endpoint.START_MFA_SIGN_IN,
+    _addTidIfNecessary(auth, request)
+  );
+}
+
 export interface FinalizePhoneMfaSignInRequest {
   mfaPendingCredential: string;
   phoneVerificationInfo: SignInWithPhoneNumberRequest;
   tenantId?: string;
 }
 
+export interface FinalizeTotpMfaSignInRequest {
+  mfaPendingCredential: string;
+  verificationCode: string
+  tenantId?: string;
+}
+
 export interface FinalizePhoneMfaSignInResponse extends FinalizeMfaResponse {}
 
+export interface FinalizeTotpMfaSignInResponse extends FinalizeMfaResponse {}
+
+
 export function finalizeSignInPhoneMfa(
   auth: Auth,
   request: FinalizePhoneMfaSignInRequest
@@ -96,6 +135,22 @@ export function finalizeSignInPhoneMfa(
   );
 }
 
+export function finalizeSignInTotpMfa(
+  auth: Auth,
+  request: FinalizeTotpMfaSignInRequest
+): Promise<FinalizeTotpMfaSignInResponse> {
+  return _performApiRequest<
+    FinalizeTotpMfaSignInRequest,
+    FinalizeTotpMfaSignInResponse
+  >(
+    auth,
+    HttpMethod.POST,
+    Endpoint.FINALIZE_MFA_SIGN_IN,
+    _addTidIfNecessary(auth, request)
+  );
+}
+
+
 /**
  * @internal
  */

packages/auth/src/mfa/assertions/totp.ts

@@ -26,7 +26,7 @@ import {
   StartTotpMfaEnrollmentResponse,
   TotpVerificationInfo
 } from '../../api/account_management/mfa';
-import { FinalizeMfaResponse } from '../../api/authentication/mfa';
+import { FinalizeMfaResponse, finalizeSignInTotpMfa } from '../../api/authentication/mfa';
 import { MultiFactorAssertionImpl } from '../../mfa/mfa_assertion';
 import { MultiFactorSessionImpl } from '../mfa_session';
 import { AuthErrorCode } from '../../core/errors';
@@ -155,10 +155,19 @@ export class TotpMultiFactorAssertionImpl
 
   /** @internal */
   _finalizeSignIn(
-    _auth: AuthInternal,
-    _mfaPendingCredential: string
+    auth: AuthInternal,
+    mfaPendingCredential: string
   ): Promise<FinalizeMfaResponse> {
-    throw new Error('method not implemented');
+    _assert(
+      typeof this.enrollmentId !== 'undefined'
+      && typeof this.otp !== 'undefined',
+      auth,
+      AuthErrorCode.ARGUMENT_ERROR
+    );
+    return finalizeSignInTotpMfa(auth, {
+      mfaPendingCredential,
+      verificationCode: this.otp,
+    });
   }
 }