mojaloop / project

Repo to track product development issues for the Mojaloop project.

Verify 2FA credentials during hub operator staff login #3890

Open PaulMakinMojaloop opened 2 months ago

PaulMakinMojaloop commented 2 months ago

If a 2FA solution has been deployed as part of a Mojaloop Hub, then its use should be enforced.

This story assumes that a staff member's details have been created in the IAM solution by another staff member who has the appropriate credentials/privileges appended to their role, and that a second authentication factor has been associated with their identity.

When the staff member successfully logs on using their assigned credentials, a check should be made as to whether or not a second factor has been associated with their identity.

If a 2FA is found:

If no 2FA is found:

Acceptance Criteria

  1. Scenario: 2FA enforcement during hub operator staff login
    • Given a hub operator staff member is attempting to log in
    • When their credentials are checked and a 2FA solution is associated with their identity
    • Then the staff member should be prompted to access their 2FA solution and share the displayed credential with the Hub's IAA through the login portal
    • And the Hub IAM solution should verify that the entered credential matches the anticipated solution from the registered 2FA mechanism
    • And if a match is found, the user is said to have completed login and control is passed to the appropriate Hub portal
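
The second-factor step from the acceptance criteria above, as an added example (not Mojaloop code and not part of the original issue). It assumes the registered second factor is a TOTP authenticator (RFC 6238); the `user` record shape and the status strings are hypothetical.

```javascript
const crypto = require('crypto');

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) for a Unix time in seconds.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Called only after the password check has succeeded.
// `user` is a hypothetical IAM record: { totpSecret: Buffer|null, lastStep: number }.
function verifySecondFactor(user, submitted, nowSeconds, step = 30) {
  // The issue leaves the "no 2FA found" branch unspecified, so this only
  // reports the condition and leaves the policy decision to the caller.
  if (!user.totpSecret) return { status: 'NO_FACTOR_REGISTERED' };
  if (!/^\d{6}$/.test(submitted)) return { status: 'REJECTED' };

  const current = Math.floor(nowSeconds / step);
  // Accept the current step and one either side to tolerate clock drift.
  for (const s of [current - 1, current, current + 1]) {
    const expected = Buffer.from(totp(user.totpSecret, s * step, step));
    // Constant-time comparison; both buffers are exactly 6 ASCII digits.
    const match = crypto.timingSafeEqual(expected, Buffer.from(submitted));
    if (match && s > user.lastStep) {
      user.lastStep = s; // single use: the same or an older step is refused
      return { status: 'LOGIN_COMPLETE' };
    }
  }
  return { status: 'REJECTED' };
}
```

The caller hands control to the Hub portal only on `LOGIN_COMPLETE`; `lastStep` must be persisted with the identity so a code observed at the login portal cannot be replayed within its validity window.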