diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaConfiguration.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaConfiguration.cs index 9ffae52a..7a17bd80 100644 --- a/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaConfiguration.cs +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaConfiguration.cs @@ -27,6 +27,8 @@ public class LambdaConfiguration { public Guid? idTokenPopulateId; + public Guid? multiFactorRequirementId; + public Guid? samlv2PopulateId; public Guid? selfServiceRegistrationValidationId; diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaType.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaType.cs index 2d90d354..d72cef5e 100644 --- a/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaType.cs +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/LambdaType.cs @@ -52,6 +52,7 @@ public enum LambdaType { SCIMServerUserResponseConverter, SelfServiceRegistrationValidation, UserInfoPopulate, - LoginValidation + LoginValidation, + MFARequirement } } diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/MultiFactorAction.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/MultiFactorAction.cs new file mode 100644 index 00000000..39a211c9 --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/MultiFactorAction.cs @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain +{ + + /** + * Communicate various actions/contexts in which multi-factor authentication can be used. + */ + public enum MultiFactorAction { + changePassword, + login, + stepUp + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/TenantLambdaConfiguration.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/TenantLambdaConfiguration.cs index 9c68037c..577343d4 100644 --- a/fusionauth-netcore-client/domain/io/fusionauth/domain/TenantLambdaConfiguration.cs +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/TenantLambdaConfiguration.cs @@ -28,6 +28,8 @@ public class TenantLambdaConfiguration { public Guid? loginValidationId; + public Guid? multiFactorRequirementId; + public Guid? scimEnterpriseUserRequestConverterId; public Guid? scimEnterpriseUserResponseConverterId; diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/api/twoFactor/TwoFactorStatusRequest.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/api/twoFactor/TwoFactorStatusRequest.cs new file mode 100644 index 00000000..f00051cc --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/api/twoFactor/TwoFactorStatusRequest.cs @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using io.fusionauth.domain.api; +using io.fusionauth.domain; +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.api.twoFactor +{ + + /** + * Check the status of two-factor authentication for a user, with more options than on a GET request. + */ + public class TwoFactorStatusRequest: BaseEventRequest { + + public Guid? userId; + + public MultiFactorAction action; + + public Guid? applicationId; + + public string token; + + public string twoFactorTrustId; + + public TwoFactorStatusRequest with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAContext.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAContext.cs new file mode 100644 index 00000000..b017dff7 --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAContext.cs @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using io.fusionauth.domain; +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.lambda.parameters +{ + + /** + * Represents the inbound lambda parameter 'context' for MFA Required lambdas. + */ + public class MFAContext { + + public List authenticationThreats; + + public EventInfo @eventInfo; + + public IDictionary jwt; + + public MFATrust mfaTrust; + + public UserRegistration registration; + + public MFAContext with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAPolicies.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAPolicies.cs new file mode 100644 index 00000000..17a75209 --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFAPolicies.cs @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using io.fusionauth.domain; +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.lambda.parameters +{ + + /** + * Represents the inbound lambda parameter 'policies' for MFA Required lambdas. + */ + public class MFAPolicies { + + public MultiFactorLoginPolicy applicationLoginPolicy; + + public ApplicationMultiFactorTrustPolicy applicationMultiFactorTrustPolicy; + + public MultiFactorLoginPolicy tenantLoginPolicy; + + public MFAPolicies with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFARequiredLambdaResult.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFARequiredLambdaResult.cs new file mode 100644 index 00000000..dd4008c9 --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFARequiredLambdaResult.cs @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.lambda.parameters +{ + + /** + * Represents the inbound lambda parameter 'result' for MFA Required lambdas. + */ + public class MFARequiredLambdaResult { + + public bool? required; + + public bool? sendSuspiciousLoginEvent; + + public MFARequiredLambdaResult with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFATrust.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFATrust.cs new file mode 100644 index 00000000..836ff87c --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/MFATrust.cs @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.lambda.parameters +{ + + /** + * Represents the inbound lambda parameter 'mfaTrust' inside the 'context' parameter for MFA Required lambdas. + */ + public class MFATrust { + + public Guid? applicationId; + + public IDictionary attributes; + + public DateTimeOffset? expirationInstant; + + public string id; + + public DateTimeOffset? insertInstant; + + public StartInstant startInstants; + + public IDictionary state; + + public Guid? tenantId; + + public Guid? userId; + + public MFATrust with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/StartInstant.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/StartInstant.cs new file mode 100644 index 00000000..0a5bb23d --- /dev/null +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/lambda/parameters/StartInstant.cs @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2018-2025, FusionAuth, All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. + */ + + +using System.Collections.Generic; +using System; + +namespace io.fusionauth.domain.lambda.parameters +{ + + public class StartInstant { + + public IDictionary applications; + + public DateTimeOffset? tenant; + + public StartInstant with(Action action) { + action(this); + return this; + } + } +} diff --git a/fusionauth-netcore-client/domain/io/fusionauth/domain/reactor/ReactorStatus.cs b/fusionauth-netcore-client/domain/io/fusionauth/domain/reactor/ReactorStatus.cs index 93096309..38d03b05 100644 --- a/fusionauth-netcore-client/domain/io/fusionauth/domain/reactor/ReactorStatus.cs +++ b/fusionauth-netcore-client/domain/io/fusionauth/domain/reactor/ReactorStatus.cs @@ -56,6 +56,8 @@ public class ReactorStatus { public bool? licensed; + public ReactorFeatureStatus multiFactorLambdas; + public ReactorFeatureStatus scimServer; public ReactorFeatureStatus tenantManagerApplication; diff --git a/fusionauth-netcore-client/src/io/fusionauth/FusionAuthClient.cs b/fusionauth-netcore-client/src/io/fusionauth/FusionAuthClient.cs index d1cc93b9..abf71661 100644 --- a/fusionauth-netcore-client/src/io/fusionauth/FusionAuthClient.cs +++ b/fusionauth-netcore-client/src/io/fusionauth/FusionAuthClient.cs @@ -192,6 +192,16 @@ public Task> CheckChangePasswordUsingIdAsync(string cha .goAsync(); } + /// + public Task> CheckChangePasswordUsingIdAndIPAddressAsync(string changePasswordId, string ipAddress) { + return buildAnonymousClient() + .withUri("/api/user/change-password") + .withUriSegment(changePasswordId) + .withParameter("ipAddress", ipAddress) + .withMethod("Get") + .goAsync(); + } + /// public Task> CheckChangePasswordUsingJWTAsync(string encodedJWT) { return buildAnonymousClient() @@ -201,6 +211,16 @@ public Task> CheckChangePasswordUsingJWTAsync(string en .goAsync(); } + /// + public Task> CheckChangePasswordUsingJWTAndIPAddressAsync(string encodedJWT, string ipAddress) { + return buildAnonymousClient() + .withUri("/api/user/change-password") + .withAuthorization("Bearer " + encodedJWT) + .withParameter("ipAddress", ipAddress) + .withMethod("Get") + .goAsync(); + } + /// public Task> CheckChangePasswordUsingLoginIdAsync(string loginId) { return buildClient() @@ -210,6 +230,16 @@ public Task> CheckChangePasswordUsingLoginIdAsync(strin .goAsync(); } + /// + public Task> CheckChangePasswordUsingLoginIdAndIPAddressAsync(string loginId, string ipAddress) { + return buildClient() + .withUri("/api/user/change-password") + .withParameter("loginId", loginId) + .withParameter("ipAddress", ipAddress) + .withMethod("Get") + .goAsync(); + } + /// public Task> CheckChangePasswordUsingLoginIdAndLoginIdTypesAsync(string loginId, List loginIdTypes) { return buildClient() @@ -220,6 +250,17 @@ public Task> CheckChangePasswordUsingLoginIdAndLoginIdT .goAsync(); } + /// + public Task> CheckChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddressAsync(string loginId, List loginIdTypes, string ipAddress) { + return buildClient() + .withUri("/api/user/change-password") + .withParameter("loginId", loginId) + .withParameter("loginIdTypes", loginIdTypes) + .withParameter("ipAddress", ipAddress) + .withMethod("Get") + .goAsync(); + } + /// public Task> ClientCredentialsGrantAsync(string client_id, string client_secret, string scope) { var body = new Dictionary { @@ -2427,6 +2468,15 @@ public Task> RetrieveTwoFactorStatusAsyn .goAsync(); } + /// + public Task> RetrieveTwoFactorStatusWithRequestAsync(TwoFactorStatusRequest request) { + return buildClient() + .withUri("/api/two-factor/status") + .withJSONBody(request) + .withMethod("Post") + .goAsync(); + } + /// public Task> RetrieveUserAsync(Guid? userId) { return buildClient() diff --git a/fusionauth-netcore-client/src/io/fusionauth/FusionAuthSyncClient.cs b/fusionauth-netcore-client/src/io/fusionauth/FusionAuthSyncClient.cs index 10a5daa2..53bac6ce 100644 --- a/fusionauth-netcore-client/src/io/fusionauth/FusionAuthSyncClient.cs +++ b/fusionauth-netcore-client/src/io/fusionauth/FusionAuthSyncClient.cs @@ -107,21 +107,41 @@ public ClientResponse CheckChangePasswordUsingId(string changePassword return client.CheckChangePasswordUsingIdAsync(changePasswordId).GetAwaiter().GetResult(); } + /// + public ClientResponse CheckChangePasswordUsingIdAndIPAddress(string changePasswordId, string ipAddress) { + return client.CheckChangePasswordUsingIdAndIPAddressAsync(changePasswordId, ipAddress).GetAwaiter().GetResult(); + } + /// public ClientResponse CheckChangePasswordUsingJWT(string encodedJWT) { return client.CheckChangePasswordUsingJWTAsync(encodedJWT).GetAwaiter().GetResult(); } + /// + public ClientResponse CheckChangePasswordUsingJWTAndIPAddress(string encodedJWT, string ipAddress) { + return client.CheckChangePasswordUsingJWTAndIPAddressAsync(encodedJWT, ipAddress).GetAwaiter().GetResult(); + } + /// public ClientResponse CheckChangePasswordUsingLoginId(string loginId) { return client.CheckChangePasswordUsingLoginIdAsync(loginId).GetAwaiter().GetResult(); } + /// + public ClientResponse CheckChangePasswordUsingLoginIdAndIPAddress(string loginId, string ipAddress) { + return client.CheckChangePasswordUsingLoginIdAndIPAddressAsync(loginId, ipAddress).GetAwaiter().GetResult(); + } + /// public ClientResponse CheckChangePasswordUsingLoginIdAndLoginIdTypes(string loginId, List loginIdTypes) { return client.CheckChangePasswordUsingLoginIdAndLoginIdTypesAsync(loginId, loginIdTypes).GetAwaiter().GetResult(); } + /// + public ClientResponse CheckChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddress(string loginId, List loginIdTypes, string ipAddress) { + return client.CheckChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddressAsync(loginId, loginIdTypes, ipAddress).GetAwaiter().GetResult(); + } + /// public ClientResponse ClientCredentialsGrant(string client_id, string client_secret, string scope) { return client.ClientCredentialsGrantAsync(client_id, client_secret, scope).GetAwaiter().GetResult(); @@ -1269,6 +1289,11 @@ public ClientResponse RetrieveTwoFactorStatus(Guid? use return client.RetrieveTwoFactorStatusAsync(userId, applicationId, twoFactorTrustId).GetAwaiter().GetResult(); } + /// + public ClientResponse RetrieveTwoFactorStatusWithRequest(TwoFactorStatusRequest request) { + return client.RetrieveTwoFactorStatusWithRequestAsync(request).GetAwaiter().GetResult(); + } + /// public ClientResponse RetrieveUser(Guid? userId) { return client.RetrieveUserAsync(userId).GetAwaiter().GetResult(); diff --git a/fusionauth-netcore-client/src/io/fusionauth/IFusionAuthClient.cs b/fusionauth-netcore-client/src/io/fusionauth/IFusionAuthClient.cs index 49ae30da..9cb52861 100644 --- a/fusionauth-netcore-client/src/io/fusionauth/IFusionAuthClient.cs +++ b/fusionauth-netcore-client/src/io/fusionauth/IFusionAuthClient.cs @@ -191,6 +191,24 @@ public interface IFusionAuthAsyncClient { /// Task> CheckChangePasswordUsingIdAsync(string changePasswordId); + /// + /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// This is an asynchronous method. + /// + /// The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + Task> CheckChangePasswordUsingIdAndIPAddressAsync(string changePasswordId, string ipAddress); + /// /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -208,6 +226,24 @@ public interface IFusionAuthAsyncClient { /// Task> CheckChangePasswordUsingJWTAsync(string encodedJWT); + /// + /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// This is an asynchronous method. + /// + /// The encoded JWT (access token). + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + Task> CheckChangePasswordUsingJWTAndIPAddressAsync(string encodedJWT, string ipAddress); + /// /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -225,6 +261,24 @@ public interface IFusionAuthAsyncClient { /// Task> CheckChangePasswordUsingLoginIdAsync(string loginId); + /// + /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// This is an asynchronous method. + /// + /// The loginId (email or username) of the User that you intend to change the password for. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + Task> CheckChangePasswordUsingLoginIdAndIPAddressAsync(string loginId, string ipAddress); + /// /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -243,6 +297,25 @@ public interface IFusionAuthAsyncClient { /// Task> CheckChangePasswordUsingLoginIdAndLoginIdTypesAsync(string loginId, List loginIdTypes); + /// + /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// This is an asynchronous method. + /// + /// The loginId of the User that you intend to change the password for. + /// The identity types that FusionAuth will compare the loginId to. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + Task> CheckChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddressAsync(string loginId, List loginIdTypes, string ipAddress); + /// /// Make a Client Credentials grant request to obtain an access token. /// This is an asynchronous method. @@ -3431,6 +3504,23 @@ public interface IFusionAuthAsyncClient { /// Task> RetrieveTwoFactorStatusAsync(Guid? userId, Guid? applicationId, string twoFactorTrustId); + /// + /// Retrieve a user's two-factor status. + /// + /// This can be used to see if a user will need to complete a two-factor challenge to complete a login, + /// and optionally identify the state of the two-factor trust across various applications. This operation + /// provides more payload options than retrieveTwoFactorStatus. + /// This is an asynchronous method. + /// + /// The request object that contains all the information used to check the status. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + Task> RetrieveTwoFactorStatusWithRequestAsync(TwoFactorStatusRequest request); + /// /// Retrieves the user for the given Id. /// This is an asynchronous method. @@ -5271,6 +5361,23 @@ public interface IFusionAuthSyncClient { /// ClientResponse CheckChangePasswordUsingId(string changePasswordId); + /// + /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// + /// The change password Id used to find the user. This value is generated by FusionAuth once the change password workflow has been initiated. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + ClientResponse CheckChangePasswordUsingIdAndIPAddress(string changePasswordId, string ipAddress); + /// /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -5287,6 +5394,23 @@ public interface IFusionAuthSyncClient { /// ClientResponse CheckChangePasswordUsingJWT(string encodedJWT); + /// + /// Check to see if the user must obtain a Trust Token Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Token by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// + /// The encoded JWT (access token). + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + ClientResponse CheckChangePasswordUsingJWTAndIPAddress(string encodedJWT, string ipAddress); + /// /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -5303,6 +5427,23 @@ public interface IFusionAuthSyncClient { /// ClientResponse CheckChangePasswordUsingLoginId(string loginId); + /// + /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// + /// The loginId (email or username) of the User that you intend to change the password for. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + ClientResponse CheckChangePasswordUsingLoginIdAndIPAddress(string loginId, string ipAddress); + /// /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change @@ -5320,6 +5461,24 @@ public interface IFusionAuthSyncClient { /// ClientResponse CheckChangePasswordUsingLoginIdAndLoginIdTypes(string loginId, List loginIdTypes); + /// + /// Check to see if the user must obtain a Trust Request Id in order to complete a change password request. + /// When a user has enabled Two-Factor authentication, before you are allowed to use the Change Password API to change + /// your password, you must obtain a Trust Request Id by completing a Two-Factor Step-Up authentication. + /// + /// An HTTP status code of 400 with a general error code of [TrustTokenRequired] indicates that a Trust Token is required to make a POST request to this API. + /// + /// The loginId of the User that you intend to change the password for. + /// The identity types that FusionAuth will compare the loginId to. + /// (Optional) IP address of the user changing their password. This is used for MFA risk assessment. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + ClientResponse CheckChangePasswordUsingLoginIdAndLoginIdTypesAndIPAddress(string loginId, List loginIdTypes, string ipAddress); + /// /// Make a Client Credentials grant request to obtain an access token. /// @@ -8279,6 +8438,22 @@ public interface IFusionAuthSyncClient { /// ClientResponse RetrieveTwoFactorStatus(Guid? userId, Guid? applicationId, string twoFactorTrustId); + /// + /// Retrieve a user's two-factor status. + /// + /// This can be used to see if a user will need to complete a two-factor challenge to complete a login, + /// and optionally identify the state of the two-factor trust across various applications. This operation + /// provides more payload options than retrieveTwoFactorStatus. + /// + /// The request object that contains all the information used to check the status. + /// + /// When successful, the response will contain the log of the action. If there was a validation error or any + /// other type of error, this will return the Errors object in the response. Additionally, if FusionAuth could not be + /// contacted because it is down or experiencing a failure, the response will contain an Exception, which could be an + /// IOException. + /// + ClientResponse RetrieveTwoFactorStatusWithRequest(TwoFactorStatusRequest request); + /// /// Retrieves the user for the given Id. ///