in packages/better-auth/src/plugins/two-factor/backup-codes/index.ts [95:232]
verifyBackupCode: createAuthEndpoint(
"/two-factor/verify-backup-code",
{
// Options for the verify-backup-code endpoint: HTTP method, request-body
// schema and OpenAPI metadata. The verification logic is not in this object.
method: "POST",
body: z.object({
/**
 * The backup code submitted by the client.
 * Only the type is checked here: any string, including an empty one,
 * passes this schema. No length or format constraint is applied.
 * NOTE(review): confirm the handler invalidates a code on first use and
 * that attempts against this route are rate limited; neither is visible
 * in this object.
 */
code: z.string(),
/**
 * Optional. When true, the session cookie is not set
 * (per the description string below).
 */
disableSession: z
.boolean({
description: "If true, the session cookie will not be set.",
})
.optional(),
/**
 * Optional. When true, the device is marked as trusted for 30 days,
 * and that period is refreshed on every sign-in request made within it.
 * NOTE(review): the 30-day figure appears only in this comment and the
 * description string; the enforced lifetime is set elsewhere, so confirm
 * the two agree. Also confirm that a sign-in completed with a recovery
 * code is meant to be able to mark the device as trusted.
 */
trustDevice: z
.boolean({
description:
"If true, the device will be trusted for 30 days. It'll be refreshed on every sign in request within this time.",
})
.optional(),
}),
metadata: {
openapi: {
description: "Verify a backup code for two-factor authentication",
// Only the success response is described; no response for a rejected
// code is documented here.
responses: {
"200": {
description: "Backup code verified successfully",
content: {
"application/json": {
schema: {
type: "object",
properties: {
// Documented shape of the user object returned on success.
user: {
type: "object",
properties: {
id: {
type: "string",
description: "Unique identifier of the user",
},
email: {
type: "string",
format: "email",
nullable: true,
description: "User's email address",
},
emailVerified: {
type: "boolean",
nullable: true,
description: "Whether the email is verified",
},
name: {
type: "string",
nullable: true,
description: "User's name",
},
image: {
type: "string",
format: "uri",
nullable: true,
description: "User's profile image URL",
},
twoFactorEnabled: {
type: "boolean",
description:
"Whether two-factor authentication is enabled for the user",
},
createdAt: {
type: "string",
format: "date-time",
description:
"Timestamp when the user was created",
},
updatedAt: {
type: "string",
format: "date-time",
description:
"Timestamp when the user was last updated",
},
},
required: [
"id",
"twoFactorEnabled",
"createdAt",
"updatedAt",
],
description:
"The authenticated user object with two-factor details",
},
// Documented shape of the session object. It includes the session
// token, so a response that carries it is a credential and should
// be kept out of logs and caches.
session: {
type: "object",
properties: {
token: {
type: "string",
description: "Session token",
},
userId: {
type: "string",
description:
"ID of the user associated with the session",
},
createdAt: {
type: "string",
format: "date-time",
description:
"Timestamp when the session was created",
},
expiresAt: {
type: "string",
format: "date-time",
description:
"Timestamp when the session expires",
},
},
required: [
"token",
"userId",
"createdAt",
"expiresAt",
],
description:
"The current session object, included unless disableSession is true",
},
},
// NOTE(review): "session" is listed as required here, but its own
// description says it is omitted when disableSession is true. One of
// the two is wrong; check the handler and align the schema so that
// generated clients do not assume a session is always present.
required: ["user", "session"],
},
},
},
},
},
},
},
},