Endpoints

You must mount these ASGI endpoints in your app.

mfa_setup

piccolo_api.mfa.endpoints.mfa_setup(provider: MFAProvider, auth_table: type[BaseUser] = BaseUser, styles: Styles | None = None) → type[HTTPEndpoint]

This endpoint needs to be protected SessionAuthMiddleware, ensuring that only logged in users can access it.

We also recommend protecting it with RateLimitingMiddleware, because:

• Some of the forms accept a password, and we want to protect against brute forcing.

• Generating secrets and refresh tokens is somewhat expensive, so we want to protect against abuse.

Users can setup and manage their MFA setup using this endpoint.

session_login

Make sure you pass the mfa_providers argument to session_login, so it knows to look for an MFA token.