Sign In 2FA Check
Complete sign-in authentication with two-factor verification code validation
Complete the authentication process by verifying the two-factor authentication code after successful password validation.
Second Authentication Factor
This endpoint is called after a successful email/password sign-in. Use the token returned by the signin mutation.
Overview
The confirm2FA mutation completes the sign-in process by validating the 2FA code provided by the user. This is the second step of authentication after the initial password verification.
GraphQL Schema
type Mutation {
  confirm2FA(
    email: String!
    token: String!
    code: [TwoFAEntry]!
  ): Credentials!
}
input TwoFAEntry {
  key: String!
  value: String!
}
type Credentials {
  status: String
  token: String
}
Parameters
email (String, required): User's email address used during sign-in.
token (String, required): Temporary token received from the signin mutation response.
code ([TwoFAEntry], required): Array of 2FA entries with method key and verification code value.
Return Values
Success
2FA verification successful. Returns JWT token for authenticated session.
{ status: "Success", token: "jwt_token_here" }
Failed
2FA code verification failed. Possible reasons in token field:
  Password expired - Token from signin expired
  2FA code mismatch - Incorrect verification code
Example Usage
Successful 2FA Verification
mutation Verify2FA {
  confirm2FA(
    email: "demouser@nyyu.io"
    token: "temp_token_from_signin"
    code: [
      { key: "app", value: "123456" }
    ]
  ) {
    status
    token
  }
}
Response:
{
  "data": {
    "confirm2FA": {
      "status": "Success",
      "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
    }
  }
}
Authenticated
Store the JWT token securely and use it for all subsequent API requests.
Failed Verification
{
  "data": {
    "confirm2FA": {
      "status": "failed",
      "token": "2FA code mismatch"
    }
  }
}
Invalid Code
The 2FA code is incorrect. Please check and try again.
Implementation Example
Frontend Integration
// graphqlClient, gql, router and the show*/clear* UI helpers are provided by the application.
async function handleVerify2FA(email, tempToken, twoFACode, method) {
  try {
    const result = await graphqlClient.mutate({
      mutation: gql`
        mutation Confirm2FA($email: String!, $token: String!, $code: [TwoFAEntry]!) {
          confirm2FA(email: $email, token: $token, code: $code) {
            status
            token
          }
        }
      `,
      variables: {
        email: email,
        token: tempToken,
        code: [{ key: method, value: twoFACode }]
      }
    });
    const { status, token } = result.data.confirm2FA;
    if (status === "Success") {
      // Store JWT token (Best Practices: httpOnly cookies are preferred over localStorage)
      localStorage.setItem('auth_token', token);
      localStorage.setItem('user_email', email);
      // Redirect to dashboard
      router.push('/dashboard');
      showSuccess("Successfully signed in!");
    } else {
      // Handle failure: on failure the token field carries the reason
      if (token === "Password expired") {
        showError("Session expired. Please sign in again.");
        router.push('/signin');
      } else if (token === "2FA code mismatch") {
        showError("Invalid 2FA code. Please try again.");
        clearCodeInput();
      } else {
        // Unrecognized failure reason: still tell the user the attempt failed
        showError("Authentication failed. Please try again.");
      }
    }
  } catch (error) {
    console.error("2FA verification failed:", error);
    showError("Authentication failed. Please try again.");
  }
}
Best Practices
⏱️ Token Expiration
The temporary signin token expires quickly. Complete 2FA verification promptly after signin.
🔐 Secure Token Storage
Store the final JWT token securely (httpOnly cookies preferred over localStorage).
🔄 Handle All Failures
Implement specific error handling for expired tokens vs incorrect codes.
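The storage and failure-handling practices above, as an added JavaScript example (not code from the API's authors): it classifies a confirm2FA response, failing closed on anything unexpected, and builds an httpOnly session cookie for the JWT. It assumes a server-side handler of your own calls confirm2FA and sets the cookie; the function names, the cookie name "session" and the sample values are hypothetical.

```javascript
// Added example, not part of the API documentation. Function names and the
// cookie name "session" are hypothetical; status/token strings are the page's.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Map a confirm2FA response body to one of four outcomes.
function interpretConfirm2FA(body) {
  const r = body && body.data && body.data.confirm2FA;
  if (!r || typeof r.status !== 'string') return { outcome: 'error' };
  // The page shows both "Failed" and "failed", so compare case-insensitively.
  const status = r.status.toLowerCase();
  if (status === 'success') {
    // On failure the token field carries a reason string, so never treat a
    // value as a credential unless it has the three-part shape of a signed JWT.
    return typeof r.token === 'string' && JWT_SHAPE.test(r.token)
      ? { outcome: 'authenticated', jwt: r.token }
      : { outcome: 'error' };
  }
  if (status === 'failed' && r.token === 'Password expired') {
    return { outcome: 'restart-signin' }; // temporary signin token expired
  }
  if (status === 'failed' && r.token === '2FA code mismatch') {
    return { outcome: 'retry-code' }; // let the user re-enter the code
  }
  return { outcome: 'error' }; // unknown status or reason: fail closed
}

// Build the Set-Cookie value a server-side handler would send instead of
// handing the JWT to page script.
function sessionCookie(jwt, maxAgeSeconds) {
  if (!JWT_SHAPE.test(jwt)) throw new Error('token is not a compact JWT');
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds <= 0) {
    throw new Error('maxAgeSeconds must be a positive integer');
  }
  return `session=${jwt}; Max-Age=${maxAgeSeconds}; Path=/; ` +
    'HttpOnly; Secure; SameSite=Strict';
}

// Constructed sample responses (the JWT is a placeholder, not a real token).
const samples = [
  { data: { confirm2FA: { status: 'Success', token: 'aaa.bbb.ccc' } } },
  { data: { confirm2FA: { status: 'failed', token: '2FA code mismatch' } } },
  { data: { confirm2FA: { status: 'Success', token: '2FA code mismatch' } } },
];
for (const s of samples) console.log(interpretConfirm2FA(s).outcome);
```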