You can follow the MFA process by working your way down this process, clicking the green arrows as they become available. You can step back to any previous point by clicking on yellow arrows.
| 1 | you include the Anubis library on your webpageThat's kind of a common theme throughout everything Anubis-related. <script src="https://anubis.zehuti.com/embed" data-anubis="your-public-key"></script> | |
| 2 | one of your users wants to use Anubis 2FA with your websiteYou call the Anubis site library function with a callback function. anubis.mfa(success, fail); Anubis then presents the user with a QR code for them to scan. Try it now with the big green arrow! (There's functionality for multiple user accounts on the same authenticator id, but we'll cover that in the documentation.) | |
| 3 | Anubis calls your success method with your relationship key with the user. It's unique to your website's interaction with them. You store it on your server next to that user's record. | |
| 4 | your user is logging on again, so you want to challenge themOn your server (we're faking it here), you call Anubis with the relationship key (authenticating your secret key), and receive a challenge key back. https://anubis.zehuti.com/mfa/auth/relationship-key | |
| 5 | You call Anubis' JS site library again, and ask it to wait for the user to approve or reject the challenge. anubis.wait(challenge-key, success, fail); | |
| 6 | You can't consider anything that happens client-side as trustworthy, so when your success code is called, you'll double-check the result server-side. https://anubis.zehuti.com/mfa/check/challenge-key | |
| 7 | you can also send other notifications to usersAgain, we're faking it here, but this only works from your server, but you can send other notifications to your users which will turn up on their app and, if they've enabled them, as pop-up notifications. You can add a URL to send users to when they click on your notification, too. https://anubis.zehuti.com/mfa/comm/relationship-key |