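# D-Bus interface definition for per-user TOTP multi-factor authentication.
# The methods enrol, verify and clear a user's TOTP secret key; the
# properties expose the enrolment state and the per-user MFA bypass setting.
description: >
    This interface defines the methods and properties required for Time-based
    One-time Password (TOTP) multi-factor authentication at user level, to
    support multi-factor authentication secret key setup for each user. This
    interface is implemented by each user object to support TOTP-based
    authenticators such as Google, Microsoft, etc.

methods:
    # The return value is the TOTP shared secret itself: whoever holds it can
    # generate valid codes for this user. Callers and implementations should
    # keep it out of logs and journal output and pass it on only over an
    # authenticated, encrypted session.
    # NOTE(review): the interface does not say whether a second call replaces
    # an existing key - confirm against the implementation.
    - name: CreateSecretKey
      description: >
          This method sets up the Time-based One-time Password (TOTP)
          authenticator secret key for the given user and returns the secret
          key string so that it can be shared with the user.
      returns:
          - name: SecretKey
            type: string
            description: >
                Secret key string which will be shared with the user to set up
                TOTP applications that generate TOTP tokens.
      errors:
          - xyz.openbmc_project.Common.Error.UnsupportedRequest
          - xyz.openbmc_project.Common.Error.NotAllowed

    # An invalid OTP is reported through the boolean return value; the listed
    # errors cover requests that are unsupported or not allowed.
    # NOTE(review): the interface defines no limit on verification attempts.
    # Confirm that the implementation or the calling service throttles
    # repeated failures, since a short OTP is guessable without a limit.
    - name: VerifyOTP
      description: >
          This method verifies the OTP against the Time-based One-time Password
          authenticator secret key for the given user and returns whether the
          OTP is valid, which makes sure the user has set up a valid secret key
          for two-factor authentication.
      parameters:
          - name: OTP
            type: string
            description: >
                One-time password string.
      returns:
          - name: Status
            type: boolean
            description: >
                Returns true if the provided OTP is valid, otherwise returns
                false.
      errors:
          - xyz.openbmc_project.Common.Error.UnsupportedRequest
          - xyz.openbmc_project.Common.Error.NotAllowed

    # Clearing the key removes the user's TOTP enrolment.
    # NOTE(review): confirm which callers are permitted to invoke this; the
    # interface itself only declares the NotAllowed error.
    - name: ClearSecretKey
      description: >
          This method clears the Time-based One-time Password authenticator
          secret key for the given user.
      errors:
          - xyz.openbmc_project.Common.Error.UnsupportedRequest
          - xyz.openbmc_project.Common.Error.NotAllowed

properties:
    - name: SecretKeyGenerationRequired
      type: boolean
      default: false
      flags:
          - readonly
      description: >
          This property indicates whether TOTP authenticator secret key setup
          is required for the given user to complete Time-based One-time
          Password authentication setup.

    # NOTE(review): unlike SecretKeyGenerationRequired, this property carries
    # no readonly flag, so as declared it is writable over D-Bus. Confirm that
    # is intended, since the value reflects the user's enrolment state.
    - name: SecretKeyIsValid
      type: boolean
      default: false
      description: >
          This property indicates whether the TOTP authenticator secret key is
          set up for the given user.

    # Writable property that controls MFA bypass for the user.
    # NOTE(review): confirm that write access is limited to privileged callers
    # and that changes are recorded, because a bypass value disables the
    # second factor for this account.
    - name: BypassedProtocol
      type: enum[xyz.openbmc_project.User.MultiFactorAuthConfiguration.Type]
      default: None
      description: >
          User-level multi-factor authentication bypass settings. This
          interface will be implemented by the user D-Bus object to support the
          user's MFA bypass configuration.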