Authentication modes

Checking the status

Method

GET https://login.company.com/blitz/api/v3/users/{subjectId}/auth

Checks the status of the following authentication modes for the account with the given subjectId:

  • whether two-factor authentication is enabled;

  • whether the flag requiring a password change is set;

  • whether login via a particular login method is temporarily blocked.

Required permissions: blitz_api_usec or blitz_api_sys_usec.

Returns
  • requiredFactor indicates whether two-factor authentication is enabled. It can take the following values:

    • missing, 0 or 1 - disabled,

    • 2 - enabled (2nd authentication factor is required);

  • needPasswordChange indicates whether the password must be changed at login;

  • methodsLocked is a list of blocked authentication methods. The user cannot use these login methods, but can use the rest.

Example

GET /blitz/api/v3/users/d2580c98-e584-4aad-a591-97a8cf45cd2a/auth HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
Cache-Control: no-cache

Response

{
    "requiredFactor": 2,
    "needPasswordChange": true,
    "methodsLocked": ["password"]
}

Changing authentication modes

POST https://login.company.com/blitz/api/v3/users/{subjectId}/auth

Changes to user authentication modes.

Required permissions: blitz_api_usec_chg or blitz_api_sys_usec_chg.

Headers

In user mode, headers with the user’s IP address and User-Agent must be passed.

Request body

It may contain parameters:

  • requiredFactor indicates whether two-factor authentication is enabled. Values:

    • null - disabled,

    • 2 - enabled (2nd authentication factor is required);

  • needPasswordChange indicates that the password must be changed at login – only the value true may be passed;

  • methodsLocked is a list of blocked authentication methods. The user cannot use these login methods, but can use the rest. Currently, Blitz Identity Provider only supports blocking the use of password login (password).

Example

POST /blitz/api/v3/users/d2580c98-e584-4aad-a591-97a8cf45cd2a/auth HTTP/1.1
Authorization: Bearer cNwIXatB0wk5ZHO0xG5kxuuLubesWcb_yPPqLOFWDuwzMDc0Nz
X-Forwarded-For: 200.200.100.100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5)…
Content-Type: application/json

{
    "requiredFactor": 2,
    "needPasswordChange": true,
    "methodsLocked": ["password"]
}

{
    "requiredFactor": 2,
    "needPasswordChange": true,
    "methodsLocked": ["password"]
}
HTTP 400 Bad Request: The user has not configured any method for the second authentication factor
{
    "type": "input_error",
    "error": "wrong_values",
    "errors": [
        {
            "type": "input_error",
            "error": "has_not_sf_methods",
            "desc": "User 'd2580c98-e584-4aad-a591-97a8cf45cd2a' has not any second factor method",
            "pos": "requiredFactor"
        }
    ]
}
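
The following is an added example, not code from the Blitz Identity Provider documentation: client-side helpers that interpret the status response, build a change request limited to the values listed above, and detect the has_not_sf_methods rejection so that a failed attempt to enforce two-factor authentication is not silently ignored. All function names are hypothetical, and the sample error body is constructed from the 400 response shown above.

```python
SUPPORTED_LOCKS = {"password"}  # per the page, only password login can be blocked

# Constructed sample: the 400 body shown above as a parsed dict (subject id replaced).
SAMPLE_ERROR = {
    "type": "input_error",
    "error": "wrong_values",
    "errors": [{"type": "input_error", "error": "has_not_sf_methods",
                "desc": "User '<subjectId>' has not any second factor method",
                "pos": "requiredFactor"}],
}

def interpret_status(body):
    """Normalise a GET .../auth response (parsed JSON dict)."""
    return {
        # missing, 0 or 1 all mean "disabled"; only 2 means a second factor is required
        "two_factor_enabled": body.get("requiredFactor") == 2,
        # assumption: an absent needPasswordChange means no change is pending
        "must_change_password": body.get("needPasswordChange") is True,
        "locked_methods": list(body.get("methodsLocked") or []),
    }

def build_update(enable_2fa=None, force_password_change=False, lock_methods=None):
    """Build a POST .../auth body using only values the page lists as accepted."""
    body = {}
    if enable_2fa is not None:
        body["requiredFactor"] = 2 if enable_2fa else None  # None serialises to JSON null
    if force_password_change:
        body["needPasswordChange"] = True  # only true may be sent
    if lock_methods:
        unsupported = set(lock_methods) - SUPPORTED_LOCKS
        if unsupported:
            raise ValueError(f"unsupported methodsLocked values: {sorted(unsupported)}")
        body["methodsLocked"] = sorted(set(lock_methods))
    return body

def rejected_fields(error_body):
    """Map each rejected request field (pos) to its error code from a 400 body."""
    if error_body.get("type") != "input_error":
        return {}
    return {e.get("pos"): e.get("error") for e in error_body.get("errors", [])}

def second_factor_missing(error_body):
    """True when enabling 2FA failed because the user has no second-factor method."""
    return rejected_fields(error_body).get("requiredFactor") == "has_not_sf_methods"
```

An account for which second_factor_missing returns True still has two-factor authentication disabled, so a provisioning script should report it rather than treat the request as applied.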