A2F: Implementation

Implement A2F in the middleware

A2F has been implemented in the middleware using a level field in the JWT. The level has two possible values: mid and full.

Full gives you access to all routes, while mid only gives you access to /login.

Depending on your A2F level, /login returns either a full or a mid level token.

Available methods

Only two methods are available:

- TOTP code
- Email code

To enable a method, you must generate and verify a code.

TOTP code

Use /totp/generate to generate a TOTP secret for the user.

The returned payload contains the following fields:

{
    "url": "otpauth://totp/AREA:email?secret=generated-secret&issuer=AREA",
    "secret": "generated-secret"
}

To verify the code, you must use /totp/validate.

Once validated, TOTP is enabled by default for the user.

The payload must contain the following fields:

{
    "code": "code"
}
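The TOTP half of the flow above (generate a secret and otpauth URL, verify a code, enable TOTP on success), written out as an added example. This is not code from the AREA project; it is a stdlib-only RFC 6238 implementation. The issuer name AREA and the payload shape come from the page; the secret length, the 30-second step, the 6-digit code and the one-step drift window are assumptions, and `enable_totp` with its user dict is a hypothetical stand-in for the project's user store.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

ISSUER = "AREA"  # the issuer shown in the page's otpauth URL


def generate_totp_secret(nbytes: int = 20) -> str:
    """Fresh random secret, base32 without padding (the form authenticator
    apps expect in an otpauth URL). 20 bytes is the RFC 4226 key size for SHA-1."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii").rstrip("=")


def otpauth_url(secret: str, email: str, issuer: str = ISSUER) -> str:
    """Build the otpauth:// URL returned by /totp/generate."""
    label = quote(f"{issuer}:{email}", safe=":@")
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"


def totp_code(secret: str, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the current time step."""
    key = base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))
    counter = int(time.time() if at is None else at) // step
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def validate_totp(secret: str, code: str, at=None, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side (clock drift),
    comparing in constant time so timing does not leak the expected code."""
    now = int(time.time() if at is None else at)
    return any(
        hmac.compare_digest(totp_code(secret, at=now + drift * 30), code)
        for drift in range(-window, window + 1)
    )


def enable_totp(user: dict, code: str) -> bool:
    """What /totp/validate does: a correct code marks TOTP enabled for the user."""
    if validate_totp(user["totp_secret"], code):
        user["totp_enabled"] = True
        return True
    return False


if __name__ == "__main__":
    # Constructed demo: the /totp/generate payload, then a /totp/validate round trip.
    user = {"email": "user@example.com", "totp_secret": generate_totp_secret(), "totp_enabled": False}
    print({"url": otpauth_url(user["totp_secret"], user["email"]), "secret": user["totp_secret"]})
    print("enabled:", enable_totp(user, totp_code(user["totp_secret"])))
```

The secret belongs in the database encrypted at rest and is shown to the client exactly once, in the /totp/generate response; the otpauth URL is what the user scans into their authenticator app.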

Email code

Use /email/generate to generate an email code.

An email will be sent to the user with a random code.

To verify the code, you must use /email/validate with the following payload:

{
    "code": "code"
}
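The server-side state behind /email/generate and /email/validate, as an added example that is not part of the project: a random code is generated with the `secrets` module, sent through the mail channel only, and accepted once, within a lifetime, with a cap on wrong guesses. The ten-minute lifetime, the five-attempt cap, the six-digit length and the `FakeMailer` transport are assumptions made for the example.

```python
import hmac
import secrets
import time

CODE_DIGITS = 6
CODE_TTL_SECONDS = 10 * 60  # assumed lifetime of an emailed code
MAX_ATTEMPTS = 5            # assumed cap on wrong guesses per code


class EmailCodeStore:
    """Pending email codes for /email/generate and /email/validate.

    `send_email(to, body)` is the mail transport (injected so this runs offline);
    `clock` is injectable so expiry can be tested deterministically."""

    def __init__(self, send_email, clock=time.time):
        self._send_email = send_email
        self._clock = clock
        self._pending = {}  # email -> {"code", "expires_at", "attempts"}

    def generate(self, email: str) -> None:
        # secrets, not random: the code must be unpredictable. Zero-padded so
        # a leading zero is not lost.
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[email] = {
            "code": code,
            "expires_at": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        # The code travels only by mail; the HTTP response must not echo it.
        self._send_email(email, f"Your AREA verification code is {code}")

    def validate(self, email: str, submitted: str) -> bool:
        entry = self._pending.get(email)
        if entry is None:
            return False
        if self._clock() > entry["expires_at"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[email]  # expired or burned: a new /email/generate is required
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(entry["code"], submitted):
            del self._pending[email]  # single use
            return True
        return False


class FakeMailer:
    """Constructed stand-in for an SMTP client: records what would be sent."""

    def __init__(self):
        self.sent = []  # list of (to, body)

    def __call__(self, to: str, body: str) -> None:
        self.sent.append((to, body))

    def last_code(self) -> str:
        return self.sent[-1][1].split()[-1]


if __name__ == "__main__":
    mailer = FakeMailer()
    store = EmailCodeStore(mailer)
    store.generate("user@example.com")
    print("validated:", store.validate("user@example.com", mailer.last_code()))
```

Deleting the entry on expiry, on exhaustion of attempts and on success is what keeps a six-digit code safe against guessing: without the attempt cap, a million guesses would always find it.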

Select A2F method

To select an A2F method, you must use the route /2fa/method.

The payload must contain the following fields:

{
    "method": "method"
}

Where method is either totp, email or none.

Login with A2F

To get a full access token when using A2F, you must use the route /login/a2f.

The payload must contain the following fields:

{
    "code": "code"
}

Where code is the code generated by the selected method.

You must use the new token to access all routes.
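The level-based middleware from the first section, the /2fa/method selection and the /login plus /login/a2f exchange, tied together in one added example. This is not the AREA project's code: it is a stdlib-only HS256 JWT with a `level` claim, a `is_authorized` check implementing the mid/full rule, and in-memory users. Assumptions: the signing key is a placeholder, tokens live one hour, /login/a2f counts as a /login route for mid tokens, the password check happens before `login` is called, and `verify_code` is the TOTP or email validator injected by the caller.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"<replace-with-a-long-random-key>"  # placeholder; load from config in practice
TOKEN_TTL_SECONDS = 3600                          # assumed token lifetime
LEVELS = ("mid", "full")
A2F_METHODS = ("totp", "email", "none")

# Constructed in-memory user table; "a2f_method" is what /2fa/method stores.
USERS = {
    "alice@example.com": {"a2f_method": "totp", "totp_enabled": True},
    "bob@example.com": {"a2f_method": "none", "totp_enabled": False},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(email: str, level: str, now=None) -> str:
    """Issue an HS256 JWT; the `level` claim is set by the server only."""
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    now = int(time.time() if now is None else now)
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": email, "level": level, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(SECRET_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(signature)}"


def verify_token(token: str, now=None):
    """Return the claims, or None for a malformed, forged, wrong-alg or expired token."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":  # pin the algorithm; never trust alg from the token
            return None
        expected = hmac.new(SECRET_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    now = int(time.time() if now is None else now)
    if claims.get("level") not in LEVELS or claims.get("exp", 0) <= now:
        return None
    return claims


def is_authorized(path: str, token: str, now=None) -> bool:
    """The middleware rule: full reaches every route, mid only the /login routes."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    if claims["level"] == "full":
        return True
    return path == "/login" or path.startswith("/login/")


def set_a2f_method(email: str, method: str) -> bool:
    """/2fa/method: totp can only be selected once /totp/validate has enabled it."""
    if method not in A2F_METHODS:
        return False
    if method == "totp" and not USERS[email]["totp_enabled"]:
        return False
    USERS[email]["a2f_method"] = method
    return True


def login(email: str, now=None) -> str:
    """/login, after the password check (not shown): mid token if A2F is on, else full."""
    level = "full" if USERS[email]["a2f_method"] == "none" else "mid"
    return mint_token(email, level, now)


def login_a2f(mid_token: str, code: str, verify_code, now=None):
    """/login/a2f: trade a mid token plus a valid second-factor code for a full token.
    `verify_code(email, method, code)` is the TOTP or email check for that user."""
    claims = verify_token(mid_token, now)
    if claims is None or claims["level"] != "mid":
        return None
    user = USERS.get(claims["sub"])
    if user is None or user["a2f_method"] == "none":
        return None
    if not verify_code(claims["sub"], user["a2f_method"], code):
        return None
    return mint_token(claims["sub"], "full", now)
```

The two properties worth checking in review are that a client cannot promote itself by editing the `level` claim (the signature check rejects it) and that a token with `alg` set to `none` is refused before any claim is read; both are covered by the example's `verify_token`.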