@T-Mac @alpaca-tc I merged this in but I am wondering if the way 2FA is implemented could be modified.
Is it fair to assume that the user will know they have 2FA enabled (just like a user would know if they have an Enterprise account)? If so, it seems like a cleaner approach could be to ask if 2FA is enabled on setup, take in an extra auth code input, and then obtain the token using the OTP header.
This would eliminate the separate 2FA method as well as avoid checking for 2FA if we get a 401 (as getting 401 doesn't explicitly mean 2FA is enabled)
@T-Mac @alpaca-tc I merged this in but I am wondering if the way 2FA is implemented could be modified.
Is it fair to assume that the user will know they have 2FA enabled (just like a user would know if they have an Enterprise account)? If so, it seems like a cleaner approach could be to ask if 2FA is enabled on setup, take in an extra auth code input, and then obtain the token using the OTP header. This would eliminate the separate 2FA method as well as avoid checking for 2FA if we get a 401 (as getting 401 doesn't explicitly mean 2FA is enabled)
Thoughts?