mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-22 15:11:07 +02:00
Code Issues Projects Releases Wiki Activity
vault/website/content/api-docs/system/mfa/validate.mdx
Erica Thompson 0660ea6fac
Update README (#31244) 
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2025-07-22 08:12:22 -07:00

97 lines
3.0 KiB
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
layout: api
page_title: /sys/mfa/validate - HTTP API
description: >-
The '/sys/mfa/validate' endpoint focuses on validating login MFA requests.
If validation succeeds, it returns an auth response which includes a client token.
---
> [!IMPORTANT]
> **Documentation Update:** Product documentation, which were located in this repository under `/website`, are now located in [`hashicorp/web-unified-docs`](https://github.com/hashicorp/web-unified-docs), colocated with all other product documentation. Contributions to this content should be done in the `web-unified-docs` repo, and not this one. Changes made to `/website` content in this repo will not be reflected on the developer.hashicorp.com website.
## Validate login MFA request
This endpoint validates a login request which is subject to MFA validation.
| Method | Path |
| :----- | :------------------ |
| `POST` | `/sys/mfa/validate` |
### Parameters
- `mfa_request_id` `(string: <required>)` A unique identification of an MFA restricted login request.
This can be found in the MFA requirement included in the auth response of the login request.
- `mfa_payload` `(map<string|[]string>: <required>)` - A map of login MFA methodIDs to passcode credentials.
MFA methodIDs are UUID strings which are used as keys of the map. The values of the map are
string slices. In cases where an MFA method is configured not to use passcodes, the passcode remains an empty string.
### Sample payload
```json
{
"mfa_request_id": "5879c74a-1418-1948-7be9-97b209d693a7",
"mfa_payload": {
"d16fd3c2-50de-0b9b-eed3-0301dadeca10": ["910201"]
}
}
```
As of Vault 1.13.0, it is also possible to use an MFA method name as the key to the `mfa_payload`.
In versions 1.12.x and below,`passcode=` was used for Duo MFA only. Starting in version 1.13.x, `passcode=` is optional for all supported MFA methods.
```json
{
"mfa_request_id": "5879c74a-1418-1948-7be9-97b209d693a7",
"mfa_payload": {
"sample_mfa_method_name": ["passcode=910201"]
}
}
### Sample request
```shell-session
$ curl \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/sys/mfa/validate
```
### Sample response
In cases where MFA validation fails, a 403 status code is returned with
the details about the error.
If MFA validation succeeds, the response is identical to a successful
login request which contains a client token and its accessor.
```json
{
"request_id": "7e7dec1d-311a-ecbd-4dd0-ff12a5e38959",
"lease_id": "",
"lease_duration": 0,
"renewable": false,
"data": null,
"warnings": null,
"auth": {
"client_token": "hvs.CAESIKZJNqQbG9E9cQGPXh68NWxi3xp7yPa1Z1RWv1P9UyHVGh4KHGh2cy5GUmYzTzdJOWhIZGFNSm5jdTBsSVNFSTk",
"accessor": "3fBgbEmHyA5IWABmVEjqManI",
"policies": [
"default"
],
"token_policies": [
"default"
],
"identity_policies": null,
"metadata": {
"username": "alice"
},
"orphan": true,
"entity_id": "caeac75b-dbfe-58be-e3fc-957549b7292e",
"lease_duration": 2764800,
"renewable": true,
"mfa_requirement": null
}
}
```
Reference in New Issue View Git Blame Copy Permalink