#!/usr/bin/env nu
# MFA Workflow Example
# Demonstrates complete MFA enrollment and verification workflow

print "=== MFA Workflow Example ==="
print ""

# Step 1: Login (prerequisite)
print "Step 1: Login to get access token"
print "Command: auth login admin"
print ""

# In real usage:
# auth login admin
# Password: ********

print "✓ Access token stored in keyring"
print ""

# Step 2: Enroll in TOTP
print "Step 2: Enroll in TOTP"
print "Command: auth mfa enroll totp"
print ""

# In real usage:
# let enrollment = (auth mfa enroll totp)
#
# Example output:
# ████████████████████████████████
# ██ ▄▄▄▄▄ █▀▄█▀▄▀▄▀█ ▄▄▄▄▄ ██
# ██ █ █ ██▀▀▀▄▄▀█ █ █ ██
# ██ █▄▄▄█ ██▄▀▄▀ ██ █▄▄▄█ ██
# ██▄▄▄▄▄▄▄█ ▀ █ █ █▄▄▄▄▄▄▄██
# ████████████████████████████████
#
# Scan this QR code with your authenticator app
# Or enter this secret manually: JBSWY3DPEHPK3PXP

print "✓ QR code displayed (scan with Google Authenticator or Authy)"
print "✓ Secret: JBSWY3DPEHPK3PXP (for manual entry)"
print "✓ Backup codes saved"
print ""

# Step 3: Verify TOTP code
print "Step 3: Verify TOTP code from authenticator app"
print "Command: auth mfa verify --code 123456"
print ""

# In real usage:
# let verify = (auth mfa verify --code 123456)
#
# Example output:
# {
#   valid: true,
#   message: "MFA verified"
# }

print "✓ MFA code verified successfully"
print ""

print "=== Workflow Complete ==="
print ""
print "Next steps:"
print " - MFA is now enabled for your account"
print " - You'll need to provide TOTP code on sensitive operations"
print " - Keep backup codes in a secure location"
print ""

# Advanced Usage Examples
print "=== Advanced Usage Examples ==="
print ""

print "1. Enroll for specific user:"
print " auth mfa enroll totp --user alice"
print ""

print "2. Enroll with custom Control Center URL:"
print " auth mfa enroll totp --url http://control-center.example.com:8081"
print ""

print "3. Verify with specific user:"
print " auth mfa verify --code 123456 --user alice"
print ""

print "4. Enroll WebAuthn (YubiKey, Touch ID):"
print " auth mfa enroll webauthn"
print ""

print "5. Error handling:"
print " try {"
print " auth mfa verify --code 123456"
print " } catch {"
print " print 'MFA verification failed, please try again'"
print " }"
print ""

# Integration with other auth commands
print "=== Integration with Other Auth Commands ==="
print ""

print "Complete authentication workflow:"
print ""
print "# 1. Login and save token"
print "auth login admin --save"
print ""
print "# 2. Verify token is valid"
print "auth verify"
print ""
print "# 3. Enroll MFA"
print "auth mfa enroll totp"
print ""
print "# 4. Verify MFA code"
print "auth mfa verify --code 123456"
print ""
print "# 5. List active sessions"
print "auth sessions"
print ""
print "# 6. Logout"
print "auth logout"
print ""

# Troubleshooting
print "=== Troubleshooting ==="
print ""

print "Common issues:"
print ""
print "1. 'Not logged in' error:"
print " Solution: Run 'auth login' first to get access token"
print ""
print "2. 'HTTP 401' error:"
print " Solution: Token expired, run 'auth login' again"
print ""
print "3. 'Invalid code' message:"
print " Solution: Ensure time is synchronized, TOTP codes expire every 30s"
print ""
print "4. QR code not displaying:"
print " Solution: Use manual secret entry in authenticator app"
print ""
print "5. 'HTTP request failed':"
print " Solution: Check Control Center is running and accessible"
print ""

print "=== End of Examples ==="