Hi,
I have successfully set up the login flow between WeWeb and Xano using the Xano plugin. I want to expand this with 2FA by using a temporary one-time password (TOTP). Is this possible, and if so, how can I set this up? The flow I have in mind is:
1. User logs in on the frontend.
2. Login endpoint fetches the user by user name and password but does not generate a token yet.
3. If 2FA is not enabled, it generates an otpauth URI (with id and secret to set up 2FA). This URI is returned to WeWeb, and with a bit of JavaScript it is presented as a QR code.
4. Scans the barcode to add the TOTP to the authenticator app, fills in the generated code and submits it to Xano. The code is validated in Xano, and if successful, 2FA is enabled. User is returned to login (or logged in).
5. When the user logs in again, step 2 is followed, but 2FA is enabled, so the frontend shows an input for the TOTP code, which is submitted to Xano.
6. Code is validated, username and password are validated, and then the token is returned.
Is something like this possible?
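
An added example, not part of the original post and not Xano or WeWeb code: the TOTP pieces the flow above relies on (RFC 6238 with the usual authenticator defaults of HMAC-SHA1, 6 digits and a 30-second period), written as plain Node.js. The function names and the `lastStep` replay guard are assumptions for illustration; the secret would be generated server-side with `crypto.randomBytes(20)` and stored with the user record.

```javascript
const crypto = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// RFC 4648 base32 without padding: the encoding authenticator apps expect for the secret.
function base32Encode(buf) {
  let bits = '';
  for (const byte of buf) bits += byte.toString(2).padStart(8, '0');
  let out = '';
  for (let i = 0; i < bits.length; i += 5) {
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, '0'), 2)];
  }
  return out;
}

// otpauth URI that the frontend renders as a QR code during enrollment.
function otpauthUri(issuer, account, secretBuf) {
  const label = encodeURIComponent(issuer) + ':' + encodeURIComponent(account);
  return `otpauth://totp/${label}?secret=${base32Encode(secretBuf)}` +
    `&issuer=${encodeURIComponent(issuer)}&algorithm=SHA1&digits=6&period=30`;
}

// RFC 6238 code for one 30-second time step (HMAC-SHA1, 6 digits).
function totp(secretBuf, step) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(step));
  const mac = crypto.createHmac('sha1', secretBuf).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, '0');
}

// Server-side check: accept +/-1 step of clock drift, compare in constant time,
// and skip any step at or before the last accepted one (replay protection).
// Returns the matched step (to store as the user's lastStep) or null on failure.
function verifyTotp(secretBuf, code, nowMs, lastStep = -1) {
  if (!/^\d{6}$/.test(code)) return null;
  const current = Math.floor(nowMs / 30000);
  for (const step of [current - 1, current, current + 1]) {
    if (step <= lastStep) continue;
    const expected = Buffer.from(totp(secretBuf, step));
    if (crypto.timingSafeEqual(expected, Buffer.from(code))) return step;
  }
  return null;
}
```

The session token should only be issued after `verifyTotp` returns a step, and failed attempts should be rate limited per account, since a 6-digit code is guessable without a limit.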