feat(mfa): Add MFA endpoints for TOTP setup #19473
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
vpomerleau
force-pushed
the
FXA-12229-backend
branch
from
c86e782 to
6c5e617
Compare
4 tasks
toufali
approved these changes
Sep 22, 2025
Member
toufali
left a comment
toufali
left a comment
There was a problem hiding this comment.
LGTM, thanks for the additional documentation!
I tried running the tests locally to confirm working as expected, but it doesn't look like the tests ran via nx test-integration fxa-auth-server ? I'm probably running the wrong suite...
vpomerleau
force-pushed
the
FXA-12229-backend
branch
2 times, most recently
from
19a22a8 to
a038052
Compare
vpomerleau
commented
Sep 23, 2025
| ? `${config.serviceName} - ${environment}` | ||
| : `${config.serviceName}`; | ||
|
|
||
| // Shared handlers for TOTP replace flows (used by legacy and /mfa routes) |
Contributor
Author
There was a problem hiding this comment.
Move the handler back into the sessionToken route to follow the preferred pattern
Contributor
Author
Because: * We will be wrapping TOTP creation flow with an MFA guard, this sets up the backend support This commit: * Adds MFA-variants of the TOTP setup endpoints * Adds and updates unit tests * Adds integration tests for the MFA routes * Adds docs for the new endpoints and a bit of extra docs for the original session-token-based endpoints * Adds a little mail helper to obtain the MFA code in tests Issue #FXA-12229
vpomerleau
force-pushed
the
FXA-12229-backend
branch
from
a038052 to
2ee5f4b
Compare
vpomerleau
commented
Sep 23, 2025
| }); | ||
| }); | ||
|
|
||
| // MFA-prefixed routes |
Contributor
Author
There was a problem hiding this comment.
We are removing these tests - they duplicate the session token version of the routes (shared handler)
dschom
reviewed
Sep 23, 2025
| }, | ||
| }, | ||
| handler: async function (request) { | ||
| return routes |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Because
This pull request
Issue that this pull request solves
Issue: FXA-12229
Checklist
Put an
xin the boxes that applyScreenshots (Optional)
Please attach the screenshots of the changes made in case of change in user interface.
Other information (Optional)
This is the backend portion of the work needed for FXA-12229