LoginComplete

How to complete a 2-factor login using the Cosync REST API

Complete the login to a user account that has two-factor authentication turned on, using either phone or Google two-factor authentication. The loginComplete function will send back a JWT token that contains:

  • aud - audience (the Realm App Id)
  • sub - subject (the user login handle)
  • exp - an expiration date for the JWT token
  • iat - the issue date for the JWT token
  • metadata fields - metadata for the user

The JWT token is signed with the application private key that is held by the Cosync JWT service. The client device uses the JWT token to log in to MongoDB Realm.

The loginComplete function will also send back a signed access token for the logged-in user. This access token contains:

  • handle - user email handle
  • appId - CosyncJWT application id
  • scope - user
  • iat - time at which the claim was issued

URL
    /api/appuser/loginComplete
Method
    POST
Headers
    app-token: "<App Token>"
Data Parameter
    {
        loginToken: "<signed login token>",
        code: "<two-factor verification code>"
    }

Response:

Success:

StatusCode:
    200 (OK)
Contents:
    {
        jwt: "<JWT for logged in user>",
        access-token: "<access token for user>"
    }

Error:

StatusCode:
    400 (BAD REQUEST)
    500 (INTERNAL SERVER ERROR)
Content:
    {
        code: "<internal error code>",
        message: "<readable error description>"
    }

The internal codes are integers:

  • 400 - invalid app token
  • 401 - app no longer exists
  • 402 - app is suspended
  • 403 - missing parameter
  • 404 - user account is suspended
  • 500 - internal server error
  • 600 - invalid login credentials
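
The request and response handling described above, as an added example that is not Cosync's own client code: it builds the POST, maps the internal error codes, and checks the aud and exp claims of the returned JWT before the client passes it to Realm. The base URL, the JSON body encoding, the function names and the sample token are assumptions constructed for illustration.

```javascript
// Added example. Internal codes are copied from the table on this page.
const INTERNAL_CODES = {
  400: "invalid app token", 401: "app no longer exists", 402: "app is suspended",
  403: "missing parameter", 404: "user account is suspended",
  500: "internal server error", 600: "invalid login credentials",
};

// Build the POST request. Assumption: the data parameter is sent as a JSON body.
function buildLoginCompleteRequest(baseUrl, appToken, loginToken, code) {
  return {
    url: new URL("/api/appuser/loginComplete", baseUrl).toString(),
    options: {
      method: "POST",
      headers: { "app-token": appToken, "Content-Type": "application/json" },
      body: JSON.stringify({ loginToken, code }),
    },
  };
}

// Decode the JWT payload WITHOUT verifying the signature. This is only a client-side
// sanity check; the signature is checked by whoever holds the matching public key.
function decodeJwtClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Turn an HTTP status and parsed body into tokens, or throw with the internal code attached.
function parseLoginCompleteResponse(status, body, expectedAud, nowSec = Math.floor(Date.now() / 1000)) {
  if (status !== 200) {
    const err = new Error(INTERNAL_CODES[body && body.code] || (body && body.message) || "unknown error");
    err.internalCode = body ? body.code : undefined;
    throw err;
  }
  const claims = decodeJwtClaims(body.jwt);
  if (claims.aud !== expectedAud) throw new Error("JWT audience does not match this Realm app");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("JWT is expired");
  return { jwt: body.jwt, accessToken: body["access-token"], claims };
}

// Constructed sample token (assumed header, placeholder signature) so the example runs offline.
function sampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```

With fetch, the request is sent as `fetch(req.url, req.options)` and the status and parsed JSON body are passed to `parseLoginCompleteResponse`.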