Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.dynamic.xyz/docs/llms.txt

Use this file to discover all available pages before exploring further.

Dashboard Setup

MFA enrollment requires users to register a TOTP device or Passkey. Configure it in the dashboard before implementing in your application. See End-User MFA - Enrollment for dashboard setup instructions.

React

In React, manage multi-step MFA flows (register → scan QR → verify) with useState. Example for TOTP registration: 
import { registerTotpMfaDevice, authenticateTotpMfaDevice } from '@dynamic-labs-sdk/client';
import { useState } from 'react';

function TotpEnrollment() {
  const [qrUri, setQrUri] = useState<string | null>(null);
  const [code, setCode] = useState('');

  const handleRegister = async () => {
    const { uri } = await registerTotpMfaDevice();
    setQrUri(uri);
  };

  const handleVerify = async () => {
    await authenticateTotpMfaDevice({ code });
    setQrUri(null);
    // MFA enrollment complete
  };

  if (qrUri) {
    return (
      <div>
        <p>Scan this QR code with your authenticator app:</p>
        {/* Render QR from qrUri using a library like qrcode.react */}
        <input value={code} onChange={(e) => setCode(e.target.value)} placeholder="Enter code" />
        <button onClick={handleVerify}>Verify</button>
      </div>
    );
  }

  return <button onClick={handleRegister}>Set up authenticator app</button>;
}

Your UI SDK Implementation

  • Register device: registerTotpMfaDevice() returns a QR uri and secret.
  • Authenticate: authenticateTotpMfaDevice({ code }) completes the challenge.
  • Manage devices: getMfaDevices() lists devices; deleteMfaDevice() deletes.
  • Recovery codes: getMfaRecoveryCodes() to display; createNewMfaRecoveryCodes() to rotate; authenticateMfaRecoveryCode({ code }) to unblock login.
import { registerTotpMfaDevice, authenticateTotpMfaDevice, getMfaDevices } from '@dynamic-labs-sdk/client';

const register = async () => {
  const { uri } = await registerTotpMfaDevice();
  // Render QR code from `uri`
};

const verify = async (code) => {
  await authenticateTotpMfaDevice({ code });
};

const listDevices = async () => {
  const devices = await getMfaDevices();
  console.log(devices);
};

import {
  getMfaRecoveryCodes,
  createNewMfaRecoveryCodes,
  authenticateMfaRecoveryCode,
} from '@dynamic-labs-sdk/client';

const showCodes = async () => {
  const { recoveryCodes } = await getMfaRecoveryCodes();
  console.log(recoveryCodes);
};

const rotateCodes = async () => {
  const { recoveryCodes } = await createNewMfaRecoveryCodes();
  console.log(recoveryCodes);
};

const authWithRecovery = async (code) => {
  await authenticateMfaRecoveryCode({ code });
};

import { authenticateTotpMfaDevice, deleteMfaDevice } from '@dynamic-labs-sdk/client';

const deleteTotpDevice = async (deviceId, code) => {
  // Create a single-use MFA token using the device to be deleted
  await authenticateTotpMfaDevice({
    code,
    createMfaTokenOptions: { singleUse: true },
  });

  // Use the MFA token from the client to authorize deletion
  const mfaToken = dynamicClient.mfaToken;
  await deleteMfaDevice({ deviceId, mfaAuthToken: mfaToken });
};