Endpoint to verify TOTP
Problem
Nowadays it's very common to find applications where the user is required to enter a TOTP to authorize certain application-related actions (e.g. approve a sell order). Due to this fact, it would be useful if FusionAuth could offer an endpoint that would simply verify a TOTP for a given user.
Solution
Add the following endpoints:
API Key Authentication
POST /api/user/two-factor/verify/{userId}?code={code}
JWT Authentication
POST /api/user/two-factor/verify?code={code}
With the following behavior:
| Code | Description |
| --- | --- |
| 204 | The code request parameter is valid. The response will be empty. |
| 421 | The code request parameter is not valid. The response will be empty. |
Alternatives/workarounds
Either we store the secret on our side or FusionAuth returns the twoFactorSecret when retrieving a user (GET /api/user/{userId}) so that we can implement the TOTP code verification flow on our side.
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
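The workaround described above (verifying the TOTP on the application side once the secret is available), as an added example that is not FusionAuth code or part of the original issue: an RFC 6238 check with a clock-drift window, constant-time comparison and replay rejection, mapped to the 204/421 contract proposed here. It assumes HMAC-SHA1, 30-second steps, 6 digits and an already-decoded secret; the function names are hypothetical and the secret is the RFC 6238 test-vector value.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default, assumed here)
DIGITS = 6   # code length (assumed here)
RFC_TEST_SECRET = b"12345678901234567890"  # RFC 6238 test vector, not a real secret


def totp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP value (RFC 4226) for one time-step counter, using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret, code, now, last_used_step=None, window=1):
    """Return the matched time step, or None if the code is rejected.

    The caller must store the returned step per user and pass it back as
    last_used_step, so a code cannot authorize a second action.
    """
    if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
        return None
    current = int(now) // STEP
    matched = None
    # Check every step in the window; no early exit, comparison is constant-time.
    for step in range(max(0, current - window), current + window + 1):
        if hmac.compare_digest(totp(secret, step), code):
            matched = step
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None  # replay of a code from an already consumed step
    return matched


def proposed_status(matched_step):
    """Status codes from the proposal above: 204 valid, 421 not valid."""
    return 204 if matched_step is not None else 421


if __name__ == "__main__":
    step = verify_totp(RFC_TEST_SECRET, "287082", now=59)
    print(proposed_status(step))                                   # first use
    print(proposed_status(verify_totp(RFC_TEST_SECRET, "287082", 59, step)))  # replay
```

A caller would also rate-limit failed attempts per user, since a 6-digit code with a three-step window can otherwise be guessed by brute force.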