Learn how Authsignal actions enable risk-based authentication and how to implement them in your app.
ALLOW
outcome, it doesn’t necessarily mean the user has authentication methods enrolled. If a user has no enrolled authenticators, the action will return ALLOW
but isEnrolled
will be false
. You can use this to optionally prompt unenrolled users to set up authentication methods for future security.withdraw-funds
).
This step will return a token which can be passed to a client SDK to perform a challenge for that user.
setToken
with the client token obtained, then use the relevant SDK methods to progress the user through a challenge.token
that you can validate on your backend to verify the authentication result.
For pre-built UI, this token
is appended to your redirect URL as a query parameter, while for custom UI implementation, you’ll get the token
directly from the challenge completion result.