Open sasetz opened 1 year ago
I suggest the first release firstly simple authorization and authentication, after we can decide about TF.
I'm afraid this has to do with Spring Security, so I will have to pass this to you, @IlliaPonomarov, so I'm reassigning it to you. Here's a link that might be helpful: https://github.com/samdjstevens/java-totp/blob/master/totp-spring-boot-starter/README.md
The users need to be able to set up a two-factor authentication in order to better protect their accounts. For now, we can only implement the simplest TOTP (Google authenticator) method, so that we don't need to mess with phone numbers, emails and stuff Although, an email 2FA can be implemented as well, it is not as complicated
users
table (secret, 2FA method = none, totp, email)