When you receive a login attempt that may or may not be the account owner, you will want to provide a step-up challenge to verify if the user is the owner of the account. Once you have completed this challenge, the outcome of the challenge should be recorded.

Language
Authorization
Basic
base64
:
Click Try It! to start a request and see the response here!