bozuriciyu, 2019-12-14 22:44:04

2FA + JWT: how to do it?

There is a simple authorization service that issues and checks JWTs and saves users in the database. I want to add a 2FA feature, for example an OTP code from an app or sent by email (let it be sent by email, for example). The service is an API.
Everything happens in an elementary way: the user enters login data on the front end, the front end sends it to the API, the API returns the answer. How do I correctly add a second factor to such a scheme? Is some intermediate state needed, i.e. the user logged in but did not enter the code? How is it customary to store it? There is no session, only JWT. In general, how is it usually implemented in such services?


1 answer(s)
xmoonlight, 2019-12-14

All intermediate states are the client side + mathematical algorithm + timer / code.
You need to keep the procedure and update the verification code (if necessary) without re-authorization.
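
One way to hold the "logged in, but code not yet entered" state on the client without a session, as an added example that is not code from either poster: the password step returns a short-lived signed token whose `purpose` is `otp_pending`, and only the code step returns a token with `purpose` `access`, which every API endpoint must require. All function and claim names here are hypothetical, and the HS256 signing is done with the standard library only.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)  # constructed key; a real service loads it from a secret store

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(msg):
    return hmac.new(KEY, msg.encode(), hashlib.sha256)

def sign(claims):
    data = _b64(b'{"alg":"HS256","typ":"JWT"}') + "." + _b64(json.dumps(claims).encode())
    return data + "." + _b64(_mac(data).digest())

def verify(token, purpose, now=None):
    """Return the claims only if signature, expiry and purpose all match."""
    try:
        data, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(_mac(data).digest(), _unb64(sig)):
            return None
        claims = json.loads(_unb64(data.split(".")[1]))
    except (ValueError, IndexError):
        return None
    if claims.get("purpose") != purpose or claims["exp"] <= (now or time.time()):
        return None
    return claims

def otp_mac(jti, code):
    # Keyed MAC, so the 6-digit code cannot be brute-forced from the token offline.
    return _mac(f"otp|{jti}|{code}").hexdigest()

def password_ok(user, now=None):
    """Step 1, after the password check: returns (pending token, code to e-mail)."""
    now = now or time.time()
    code, jti = f"{secrets.randbelow(10**6):06d}", secrets.token_hex(8)
    pending = sign({"sub": user, "purpose": "otp_pending", "jti": jti,
                    "exp": now + 300, "otp_mac": otp_mac(jti, code)})
    return pending, code

def submit_code(pending, code, now=None):
    """Step 2: exchange pending token + correct code for an access token."""
    claims = verify(pending, "otp_pending", now)
    if not claims or not hmac.compare_digest(claims["otp_mac"], otp_mac(claims["jti"], code)):
        return None
    return sign({"sub": claims["sub"], "purpose": "access",
                 "exp": (now or time.time()) + 900})
```

A purely stateless pending token cannot count wrong guesses or refuse reuse within its five minutes. Limiting attempts and making the code single-use needs a small server-side record keyed by `jti`.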
