This method lets you enroll an email or SMS-based authenticator for a user whose email address or phone number has already been verified via an external platform.
This method should not be used if you haven’t yet verified the user’s email or phone number. It
does not send out an email / SMS to initiate a verification process - if you need to verify an
email address or phone number, you should use a Client SDK or the pre-built
UI.
This method lets you validate server-side whether a user has successfully completed an authentication challenge via the Authsignal pre-built UI or an Authsignal Client SDK.After obtaining a short-lived token from the pre-built UI or a Client SDK, pass this token to your server to determine the result.
Copy
Ask AI
const request = { token: "eyJhbGciOiJ...",};const response = await authsignal.validateChallenge(request);if (response.state === "CHALLENGE_SUCCEEDED") { // The user completed the challenge successfully // Proceed with authenticated action or integrate with IdP to create authenticated session} else { // The user did not complete the challenge successfully}
This method can be used to convert a challenge into an authenticated session. If the challenge associated with the client token was successful, it will return an access token and refresh token.
This method can be used to validate a session for a given access token. This will ensure both that the token signature is valid and that the token has not been revoked.
This method can be used to refresh a session for a given refresh token. This will return a new access token and refresh token, revoking any previously issued tokens.