A2F: Implementation
====================

Implement A2F in the middleware
--------------------------------

A2F (two-factor authentication) has been implemented in the middleware using a ``level`` field in the JWT. The level has two states: ``mid`` and ``full``. A ``full`` token gives access to all routes, while a ``mid`` token only gives access to ``/login``. The middleware checks the level on every request, so a ``mid`` token cannot be used to reach any other route.

Depending on whether an A2F method is enabled for your account, ``/login`` returns either a ``full`` or a ``mid`` level token.

Available methods
-----------------

Only two methods are available:

- TOTP code
- Email code

To enable a method, you must generate a code and then verify it.

TOTP code
---------

Use ``/totp/generate`` to generate a TOTP secret. The returned payload contains the following fields:

.. code-block:: json

   {
       "url": "otpauth://totp/AREA:email?secret=generated-secret&issuer=AREA",
       "secret": "generated-secret"
   }

To verify the code, use ``/totp/validate``. Once the code is validated, TOTP is enabled for the user by default. The payload must contain the following fields:

.. code-block:: json

   {
       "code": "code"
   }

Email code
----------

Use ``/email/generate`` to generate an email code. An email containing a random code is sent to the user.

To verify the code, use ``/email/validate`` with the following payload:

.. code-block:: json

   {
       "code": "code"
   }

Select A2F method
-----------------

To select an A2F method, use the route ``/2fa/method``. The payload must contain the following fields:

.. code-block:: json

   {
       "method": "method"
   }

where ``method`` is either ``totp``, ``email`` or ``none``.

Login with A2F
--------------

To obtain a ``full`` access token when A2F is enabled, use the route ``/login/a2f``. The payload must contain the following fields:

.. code-block:: json

   {
       "code": "code"
   }

where ``code`` is the code produced by the selected method (the authenticator app for ``totp``, the emailed code for ``email``).

You must use the new token to access all routes; the ``mid`` token obtained from ``/login`` remains restricted.
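The level-gated token flow described above, as an added example that is not the project's own code. It models the ``mid``/``full`` levels with a minimal HS256 JWT, the middleware check that lets a ``mid`` token reach only the login routes, and the ``/login`` to ``/login/a2f`` exchange for a user whose method is ``email``. Assumptions (not in the original): the signing key, the user store, the in-memory one-time code store, the 15-minute lifetime, and that ``/login/a2f`` itself must accept a ``mid`` token (the page lists only ``/login``). TOTP verification is not modelled here.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: the middleware signs its JWTs with HS256 under this key (constructed value).
SIGNING_KEY = b"constructed-demo-key-rotate-in-production"
LEVELS = ("mid", "full")
# Assumption: a mid-level token may reach /login and the second-step route /login/a2f only.
MID_ROUTES = {"/login", "/login/a2f"}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(user: str, level: str, now: int, ttl: int = 900) -> str:
    """Issue an HS256 JWT whose `level` claim drives route access."""
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "level": level, "iat": now, "exp": now + ttl}
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_token(token: str, now: int) -> dict:
    """Check signature, algorithm, expiry and level before trusting any claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header, body, sig = parts
    expected = hmac.new(SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    # Constant-time compare so a forged signature cannot be refined byte by byte.
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("bad signature")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise PermissionError("unexpected alg")  # pin the algorithm; never honour "none"
    claims = json.loads(_b64url_decode(body))
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise PermissionError("expired")
    if claims.get("level") not in LEVELS:
        raise PermissionError("missing level")
    return claims


def authorize(token: str, route: str, now: int) -> dict:
    """Middleware gate: full tokens pass everywhere, mid tokens only on MID_ROUTES."""
    claims = verify_token(token, now)
    if claims["level"] == "full" or route in MID_ROUTES:
        return claims
    raise PermissionError(f"level {claims['level']} may not access {route}")


def is_allowed(token: str, route: str, now: int) -> bool:
    """Boolean view of authorize(), convenient for tests and request filters."""
    try:
        authorize(token, route, now)
        return True
    except PermissionError:
        return False


def forge_level(token: str, level: str) -> str:
    """What a client might try: rewrite the level claim but keep the old signature."""
    header, body, sig = token.split(".")
    claims = json.loads(_b64url_decode(body))
    claims["level"] = level
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{sig}"


# Constructed user store: alice has the email method enabled, bob has no second factor.
USERS = {"alice@example.com": {"method": "email"}, "bob@example.com": {"method": "none"}}
PENDING = {}  # user -> one-time code awaiting /login/a2f (constructed in-memory store)


def login(user: str, now: int) -> str:
    """First factor done (password check omitted): full token if A2F is off, else mid."""
    method = USERS[user]["method"]
    if method == "none":
        return mint_token(user, "full", now)
    if method == "email":
        PENDING[user] = f"{secrets.randbelow(10 ** 6):06d}"  # what the e-mail would carry
    return mint_token(user, "mid", now)


def login_a2f(mid_token: str, code: str, now: int) -> str:
    """Exchange a mid token plus a valid one-time code for a full token."""
    claims = authorize(mid_token, "/login/a2f", now)
    user = claims["sub"]
    expected = PENDING.get(user)
    if expected is None or not hmac.compare_digest(expected, code):
        raise PermissionError("invalid code")
    del PENDING[user]  # single use
    return mint_token(user, "full", now)


if __name__ == "__main__":
    now = int(time.time())
    mid = login("alice@example.com", now)
    print("mid token may read /areas:", is_allowed(mid, "/areas", now))
    full = login_a2f(mid, PENDING["alice@example.com"], now)
    print("full token may read /areas:", is_allowed(full, "/areas", now))
```

The point worth noticing is that the level lives inside the signed payload: ``forge_level`` rewrites the claim to ``full`` but the old signature no longer matches, so the middleware rejects it. Whatever framework the real middleware uses, the ``level`` check has to run after signature and expiry verification on every route, not only on the ones listed as restricted.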
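The TOTP method from the ``TOTP code`` and ``Login with A2F`` sections, as an added example that is not the project's own code. It builds the ``/totp/generate`` payload (base32 secret plus ``otpauth://`` URL in the shape the page shows), and implements the RFC 4226/6238 algorithm an authenticator app runs, together with the server-side check behind ``/totp/validate`` and ``/login/a2f``: a drift window of one 30-second step either side and a replay guard on the last accepted counter. The issuer name ``AREA`` comes from the page; the 20-byte secret size, the window, and the replay bookkeeping are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
import urllib.parse

ISSUER = "AREA"  # issuer shown in the authenticator app, as in the page's otpauth URL


def totp_generate(email: str) -> dict:
    """Shape of the /totp/generate payload: a fresh base32 secret and its otpauth URL."""
    secret = base64.b32encode(secrets.token_bytes(20)).decode()  # 160-bit key; RFC 4226 minimum is 128
    label = f"{ISSUER}:{urllib.parse.quote(email)}"
    url = f"otpauth://totp/{label}?secret={secret}&issuer={ISSUER}"
    return {"url": url, "secret": secret}


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp_code(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). This is what the app displays."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at // step), digits)


def totp_validate(secret_b32: str, code: str, at=None, step: int = 30,
                  window: int = 1, last_counter=None):
    """Server-side check for /totp/validate and /login/a2f.

    Accepts the code for the current step or +-`window` steps (clock drift) and returns the
    matching counter, or None. Pass the last accepted counter so a code cannot be replayed
    inside the window; the caller persists the returned counter for the user."""
    at = time.time() if at is None else at
    now_counter = int(at // step)
    if not (code.isdigit() and len(code) == 6):
        return None
    for counter in range(now_counter - window, now_counter + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue  # already consumed: reject replay
        if hmac.compare_digest(hotp(secret_b32, counter), code):
            return counter
    return None


if __name__ == "__main__":
    enrol = totp_generate("alice@example.com")  # constructed address
    print(enrol["url"])
    code = totp_code(enrol["secret"])
    print("current code:", code, "accepted at counter", totp_validate(enrol["secret"], code))
```

The assertions below pin the implementation to the published RFC 4226/6238 test vectors (secret ``12345678901234567890``), which is the check to run before trusting any home-grown TOTP code.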