...
As an authenticated user who has editing rights to the targeted user, use:
POST
[users] /users/{userId}/googleauth
...
In the first step, we log in with user name and password:
POST
[app-login-controller] /app/auth
...
We use the above factor-1 token and the verification code that the mobile app currently shows for the new account.
POST
[app-login-controller] /app/mf-auth
...
From now on, MFA logins no longer exchange the secret. Everything else works the same.
POST
[app-login-controller] /app/auth
...
We use the above factor-1 token and the verification code that the mobile app currently shows.
POST
[app-login-controller] /app/mf-auth
...
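How a server can check the verification code submitted in the second step, as an added example that is not this API's own code. It assumes the code is an RFC 6238 TOTP with the Google Authenticator defaults (HMAC-SHA-1, 6 digits, 30-second step); the names `totp`, `verify` and `last_used_step` are hypothetical, and the secret is the RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (assumed Google Authenticator default)
DIGITS = 6    # code length shown by the app (assumed default)

# Constructed sample: base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Compute the code the authenticator app shows at unix_time."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, code, unix_time, last_used_step=-1, drift=1):
    """Return the matched time step, or None if the code is rejected.

    Accepts +/- `drift` steps of clock skew, compares in constant time, and
    refuses any step at or before `last_used_step` so that a code already
    accepted once cannot be replayed inside its validity window.
    """
    now_step = unix_time // STEP
    matched = None
    for step in range(max(0, now_step - drift), now_step + drift + 1):
        if step <= last_used_step:
            continue
        expected = totp(secret_b32, step * STEP).encode()
        if hmac.compare_digest(expected, str(code).encode()):
            matched = step
    return matched


if __name__ == "__main__":
    step = verify(SECRET, "287082", 59)
    print("accepted at step", step)
    print("replay:", verify(SECRET, "287082", 59, last_used_step=step))
```

The caller stores the returned step per user and passes it back as `last_used_step` on the next login.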