Autional Autional
API Reference GitHub autional.com →

POST /mfa/push/deny

User denies a Push MFA challenge via device. Reference: NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance), OWASP ASVS V2.8.

Multi-Factor Authentication `bearerAuth` application/json

Request Body

Schema: dto.PushDenyRequest

FieldTypeRequiredExampleConstraintsDescription
challenge_id string Yes chal-abc123
number_matching string Yes 42
device_key string No hmac-sig

Responses

StatusDescriptionSchema
200Denied successfullydto.ValidDetailResponse
400Invalid parameter or challenge expiredgitee_com_linmes_authms_base_dto.SimpleResponse
401Unauthenticatedgitee_com_linmes_authms_base_dto.SimpleResponse
404Challenge not foundgitee_com_linmes_authms_base_dto.SimpleResponse
500Internal server errorgitee_com_linmes_authms_base_dto.SimpleResponse

Referenced Schemas

dto.ValidDetailResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
data dto.ValidResponse No
message string No
timestamp string No

dto.ValidResponse

FieldTypeRequiredExampleConstraintsDescription
valid boolean No True

gitee_com_linmes_authms_base_dto.SimpleResponse

FieldTypeRequiredExampleConstraintsDescription
code integer No
message string No
timestamp string No