xref: /openbmc/phosphor-dbus-interfaces/yaml/xyz/openbmc_project/User/TOTPAuthenticator.interface.yaml (revision 839d6c0acb015e84b0df236cf432d88b825a0e53)
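# Per-user interface for Time-based One-time Password (TOTP, RFC 6238)
# second-factor enrolment and verification. The shared secret created here is
# an authentication credential: anyone holding it can generate valid tokens
# for the user, so every method and writable property below is
# security-relevant.
description: >
    This interface defines methods and properties required for Time-based
    One-time Password (TOTP) multi-factor authentication at user level to
    support multi-factor authentication secret key setup for each user. This
    interface is implemented by each user object to support TOTP based
    authenticators like google, microsoft, etc.

methods:
    # The return value is the TOTP shared secret itself. Callers should show
    # it to the user once during enrolment and keep it out of logs and
    # message-bus traces.
    # NOTE(review): no errors are declared for this method, and the interface
    # does not say whether a call replaces an already enrolled key - confirm
    # against the implementation.
    - name: CreateSecretKey
      description: >
          This method sets up Time-based One-time Password (TOTP) authenticator
          secret key for the given user and returns secret key string to share
          secret key to user.
      returns:
          - name: SecretKey
            type: string
            description: >
                Secret key string which will be shared to user to setup TOTP
                applications to generate TOTP token.

    # Confirms that the user's authenticator application holds the enrolled
    # key by checking one token against it.
    # NOTE(review): the interface only reports valid/invalid. Throttling of
    # failed attempts and rejection of an already accepted token (RFC 6238,
    # section 5.2) are not expressed here and have to be enforced by the
    # implementation - confirm that they are.
    - name: VerifyOTP
      description: >
          This method verifies OTP with Time-based One-time Password
          authenticator secret key for the given user and returns whether this
          OTP is valid or not which makes sure user has setup valid secret key
          for two factor authentication.
      parameters:
          - name: OTP
            type: string
            description: >
                One-time password string
      returns:
          - name: Status
            type: boolean
            description: >
                Returns true if provided OTP is valid otherwise returns false.

    # Clearing the key removes the user's enrolled second factor. This is the
    # only method that declares errors, which lets the implementation refuse
    # the request.
    # NOTE(review): which callers may clear a key is not defined here -
    # confirm the authorization check in the implementation.
    - name: ClearSecretKey
      description: >
          This method clears Time-based One-time Password authenticator secret
          key for the given user.
      errors:
          - xyz.openbmc_project.Common.Error.UnsupportedRequest
          - xyz.openbmc_project.Common.Error.NotAllowed
properties:
    # Flagged readonly, so D-Bus clients cannot change it.
    - name: SecretKeyGenerationRequired
      type: boolean
      default: false
      flags:
          - readonly
      description: >
          This property indicates whether TOTP authenticator secret key setup
          is required for the given user to complete Time-based One-time
          Password authentication setup

    # NOTE(review): unlike SecretKeyGenerationRequired, this property has no
    # readonly flag. If clients can write it, the enrolment state could be
    # marked valid without a successful VerifyOTP call - confirm whether it
    # should be readonly. Left unchanged here because adding the flag alters
    # the published interface.
    - name: SecretKeyIsValid
      type: boolean
      default: false
      description: >
          This property indicates whether TOTP authenticator secret key is
          setup for the given user

    # Writable per-user MFA bypass setting; the default (None) bypasses
    # nothing. A write here weakens the user's authentication requirements.
    # NOTE(review): access control and auditing for writes are not expressed
    # in this interface - confirm that the implementation restricts changes
    # to privileged callers and records them.
    - name: BypassedProtocol
      type: enum[xyz.openbmc_project.User.MultiFactorAuthConfiguration.Type]
      default: None
      description: >
          User level multi-factor authentication bypass settings. This interface
          will be implemented by user D-bus object to support user's MFA bypass
          configuration.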