API Name: global.PwdVerifyGoogleAuthProcessor

var PwdVerifyGoogleAuthProcessor = Class.create();

PwdVerifyGoogleAuthProcessor.prototype = {
category: 'password_reset.extension.verification_form_processor', // DO NOT REMOVE THIS LINE!

* Initialization stuff here...

initialize: function() {

* Process the verification form request, and return whether the user was successfully verified
* @param params.resetRequestId The sys-id of the current password-reset request (table: pwd_reset_request)
* @param params.userId The sys-id of the user trying to be verified (table: sys_user)
* @param params.verificationId The sys-id of the verification to be processed (table: pwd_verification)
* @param request The form request object. fields in the form can be accessed using: request.getParameter('<element-id>')
* @return boolean telling whether the user is successfully verified

processForm: function(params, request) {
return this.verify(params.resetRequestId, params.userId, params.verificationId, request);

* verify - returns true/false whether the user is verified for this verification method.
* This will compare the OTP code provided by the user to the one generated using their secret key on the server, and return true
* if there is a match (within a certain clock skew)
* Params:
* @enrolled_user_id
* @verification
* @request - the request object that was submitted by the user in the verification form

verify: function(reset_request_id, enrolled_user_id, verification, request) {

// If we already validated the code (e.g. in step 1 of the reset process) then return that result since we validate
// everything at the end, and the code could have expired causing a false negative
var reqVerGr = new GlideRecord('pwd_map_request_to_verification');
reqVerGr.addQuery('verification', verification);
reqVerGr.addQuery('request', reset_request_id);

var recordExists = reqVerGr.next();
if (recordExists && reqVerGr.getValue('status') == 'verified')
return true;

var isValid = SNC.PwdMultifactorAuthUtilWrapper.isResponseValid(request.getParameter("sysparm_otp_code").trim(), enrolled_user_id);

reqVerGr.setValue('status', isValid? 'verified' : 'not_verified');
if (!recordExists) {
reqVerGr.setValue('request', reset_request_id);
reqVerGr.setValue('verification', verification);

return isValid;

type: 'PwdVerifyGoogleAuthProcessor'