Verifies the MFA challenge and performs sign-in
HTTP request
POST https://identitytoolkit.googleapis.com/v2/accounts/mfaSignIn:finalize
The URL uses gRPC Transcoding syntax.
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "mfaPendingCredential" : string , "tenantId" : string , "mfaEnrollmentId" : string , // Union field |
mfaPendingCredential
string
Required. Pending credential from first factor sign-in.
tenantId
string
The ID of the Identity Platform tenant the user is signing in to. If not set, the user will sign in to the default Identity Platform project.
mfaEnrollmentId
string
The MFA enrollment ID from the user's list of current MFA enrollments.
verification_info
. Proof of completion of the MFA challenge. verification_info
can be only one of the following:phoneVerificationInfo
object (
FinalizeMfaPhoneRequestInfo
)
Proof of completion of the SMS based MFA challenge.
totpVerificationInfo
object (
MfaTotpSignInRequestInfo
)
Proof of completion of the TOTP based MFA challenge.
Response body
mfaSignIn.finalize response.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{ "idToken" : string , "refreshToken" : string , // Union field |
idToken
string
ID token for the authenticated user.
refreshToken
string
Refresh token for the authenticated user.
auxiliary_auth_info
. MFA verified sign-in information. auxiliary_auth_info
can be only one of the following:phoneAuthInfo
object (
FinalizeMfaPhoneResponseInfo
)
Extra phone auth info, including android verification proof.
Authorization scopes
Requires one of the following OAuth scopes:
-
https://www.googleapis.com/auth/identitytoolkit -
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview .
MfaTotpSignInRequestInfo
TOTP verification info for FinalizeMfaSignInRequest.
| JSON representation |
|---|
{ "verificationCode" : string } |
| Fields | |
|---|---|
verificationCode
|
User-entered verification code. |
