The UserRepresentation contains a totp member. The 23.0.0 docs show this as an optional boolean, but it's otherwise undocumented. After some experimenting, I think that:
- This field isn't writeable
- If you read it, it returns true if TOTP is enabled for that user, and has been set up
The other alternative is requiredActions. If you add CONFIGURE_TOTP to the array you can enable TOTP, but if you remove CONFIGURE_TOTP from the array TOTP remains enabled.
So what have I missed? How do I turn off TOTP? Thanks.
Figured it out. In 23.0.1 you can disable OTP manually from the UI by going to users > credentials, and deleting the OTP credential. If you get a debug window in the browser and check the network activity this turns into a DELETE /admin/realms/{realm}/users/{id}/credentials/{credentialId}.
The only difficult bit is getting the credentialId. To do this, GET /admin/realms/{realm}/users/{id}/credentials, which returns an array of CredentialRepresentation. If you have an object with a type of otp then that's your OTP credential, and the associated id is the required credentialId.
The only other confusing part is that totp in the user's UserRepresentation is actually read-only. It sets itself true when the user has completed OTP setup. The UI behaves in exactly the same way: if you select your user, and look at the credentials tab, the OTP credential doesn't appear till the user has completed setup and logged in with a TOTP.
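The two requests from the answer above, scripted as an added example that is not part of the original post. The base URL, the bearer token for an admin account, the function names and the sample response are assumptions; only the two endpoint paths and the otp type come from the thread.

```python
import json
import urllib.request
from urllib.parse import quote


def http_call(method, url, token):
    """Send one authenticated admin request; return parsed JSON, or None if no body."""
    req = urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def otp_credential_ids(credentials):
    """Ids of every CredentialRepresentation in the array whose type is 'otp'."""
    return [c["id"] for c in credentials if c.get("type") == "otp" and c.get("id")]


def remove_otp(base_url, realm, user_id, token, call=http_call):
    """Delete each OTP credential of one user and return the deleted ids.

    An empty list means the user has no OTP credential, for example
    because OTP setup was never completed.
    """
    creds_url = (f"{base_url.rstrip('/')}/admin/realms/{quote(realm, safe='')}"
                 f"/users/{quote(user_id, safe='')}/credentials")
    deleted = []
    for cred_id in otp_credential_ids(call("GET", creds_url, token) or []):
        call("DELETE", f"{creds_url}/{quote(cred_id, safe='')}", token)
        deleted.append(cred_id)
    return deleted


# Constructed sample of the GET .../credentials response (not real data).
SAMPLE_CREDENTIALS = [
    {"id": "cred-0001", "type": "password"},
    {"id": "cred-0002", "type": "otp", "userLabel": "phone"},
]

if __name__ == "__main__":
    # Offline dry run: a stand-in transport prints the requests instead of sending them.
    def dry_run(method, url, token):
        print(method, url)
        return SAMPLE_CREDENTIALS if method == "GET" else None

    print(remove_otp("https://keycloak.example.test", "demo", "user-0001",
                     "PLACEHOLDER_TOKEN", call=dry_run))
```

Returning the deleted ids gives the caller something to write to an audit log, since removing a second factor is a change worth recording.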