TOTP verification

Verify users with TOTP-based MFA by requesting and submitting a 6-digit code from their authenticator app.

React
React Native
Swift

Requesting an MFA challenge

To request an MFA challenge for the current user, call the init method from the useMfa hook, passing 'totp' as the MFA method parameter:

import {useMfa} from '@privy-io/react-auth';

const {init, submit} = useMfa();

// Request a TOTP MFA challenge
await init('totp');

The init method will prepare an MFA challenge for the TOTP method. The user will receive the MFA code within their authenticator app. The method returns a Promise that resolves if the challenge was successfully created, and rejects with an error if there was an issue.

Submitting the MFA verification

Once init has resolved successfully, prompt the user to get their MFA code from their authenticator app and enter it within your app. Then, call the submit method from useMfa. As parameters, pass the MFA method ('totp') and the MFA code that the user entered:

const mfaCode = 'insert-mfa-code-from-user';
await submit('totp', mfaCode);

When submit resolves successfully, the user has completed MFA and can proceed to use their embedded wallet.

Requesting an MFA challenge

To request an MFA challenge for the current user, call the init method from the useMfa hook with the appropriate parameters:

import {useMfa} from '@privy-io/expo';

const {init, submit} = useMfa();

// Request a TOTP MFA challenge
await init({method: 'totp'});

The init method will prepare an MFA challenge for the TOTP method. The user will receive the MFA code within their authenticator app.

Submitting the MFA verification

Once init has resolved successfully, prompt the user to get their MFA code from their authenticator app and enter it within your app. Then, call the submit method:

const mfaCode = 'insert-mfa-code-from-user';
await submit({method: 'totp', mfaCode});

When submit resolves successfully, the user has completed MFA and can proceed to use their embedded wallet.

Submitting the MFA verification

For TOTP verification, no initialization step is required since the code is generated locally by the user’s authenticator app. Prompt the user to get their MFA code from their authenticator app and enter it within your app. Then, call the submit method:

guard let user = await privy.getUser() else { return }

let mfaCode = "123456" // Code entered by user from authenticator app

do {
    try await user.mfa.totp.verify.submit(code: mfaCode)

    // If you've set up an MFA required listener, notify Privy MFA succeeded and to continue pending actions
    await privy.mfa.resumeBlockedActions()
} catch {
    // Either prompt user to try again, or notify Privy MFA failed and pass the error to the call site
    await privy.mfa.resumeBlockedActions(throwing: error)
}

When submit completes successfully, the user has completed MFA and can proceed to use their embedded wallet.

If your app uses an MFA required listener, you must call privy.mfa.resumeBlockedActions() after successful verification to unblock any pending wallet operations.

Using Privy authentication

Using your own authentication

Requesting an MFA challenge

Submitting the MFA verification

Requesting an MFA challenge

Submitting the MFA verification

Submitting the MFA verification

Using Privy authentication

Using your own authentication

​Requesting an MFA challenge

​Submitting the MFA verification

​Requesting an MFA challenge

​Submitting the MFA verification

​Submitting the MFA verification

Requesting an MFA challenge

Submitting the MFA verification

Requesting an MFA challenge

Submitting the MFA verification

Submitting the MFA verification