Factor
A factor is any verifiable credential used when authenticating. The factor types currently supported are:
- username
- OpenID subject (e.g. a unique identifier for a Google account)
- password
- one-time password (from an authentication app)
- magic code (currently sent via email)
Email, username and OpenID subject can also be used to find an identity — they will be the first factors asked of the user.
Using rulesets these can be combined to create multi-factor authentication flows. Magic codes can also be used to provide one-time email verification.