Two-Factor Authentication
Two-factor authentication (2FA) using Time-based One-Time Passwords (TOTP) adds an extra layer of security to user authentication.
These codes expire after a short period, making it difficult for attackers to gain unauthorized access even if passwords are compromised.
You can see the implementation below:
https://github.com/madewithnovel/novel/blob/main/packages/novel/auth.js#L142
https://github.com/madewithnovel/novel/blob/main/app/api/internal/v1/auth-mfa/index.ts
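The expiry behaviour described above, shown as an added Node.js example; it is not Novel's code from the linked files. It follows RFC 6238 with an assumed 30-second step and 6-digit codes, and state.lastCounter is a hypothetical per-user field used to reject replayed codes.

```javascript
// Added example: RFC 6238 TOTP check with a drift window and a replay guard.
const crypto = require('node:crypto');

const STEP_SECONDS = 30; // assumed time step (RFC 6238 default)
const DIGITS = 6;        // assumed code length

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** DIGITS).padStart(DIGITS, '0');
}

// TOTP: the counter is the number of whole time steps since the Unix epoch.
function totp(secret, unixSeconds) {
  return hotp(secret, Math.floor(unixSeconds / STEP_SECONDS));
}

// Verify a submitted code. `state.lastCounter` (hypothetical) holds the last
// accepted time step for this user, so an already-used code is refused.
function verifyTotp(secret, otp, unixSeconds, state, window = 1) {
  if (typeof otp !== 'string' || otp.length !== DIGITS || !/^\d+$/.test(otp)) return false;
  const now = Math.floor(unixSeconds / STEP_SECONDS);
  const given = Buffer.from(otp);
  let matched = -1;
  // Check every step in the window (no early exit) with a constant-time compare.
  for (let c = Math.max(0, now - window); c <= now + window; c++) {
    const expected = Buffer.from(hotp(secret, c));
    if (crypto.timingSafeEqual(expected, given)) matched = c;
  }
  if (matched < 0 || matched <= state.lastCounter) return false;
  state.lastCounter = matched; // burn this step and every earlier one
  return true;
}

// Constructed sample input: the RFC 6238 Appendix B test secret, not a real user secret.
const SAMPLE_SECRET = Buffer.from('12345678901234567890', 'ascii');
```

A window of 1 tolerates one step of clock drift in either direction; a window of 0 accepts only the current step.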
Configuration
You will need to set the mfa setting to true in config/auth.js.
export default {
  /**
   * Allows the use of MFA for users in the application.
   */
  mfa: true,
}
API
You can use /auth/password/mfa to perform a Magic Link flow.
Proceed to the application after a successful MFA attempt.
POST /auth/{strategy}/mfa HTTP/1.1
Host:
Content-Type: application/json
Accept: */*
Content-Length: 14

{
  "otp": "text"
}

Response: Authentication successful. Redirecting to next step... (No content)
Changelog
2024-12-20 - Initial Documentation