CharlieEarnup
commented
4 years ago So to clarify the issue I have is that the passport-jwt only passes back the user and no more information. Whereas session stores the second factor in the session.
So I guess what I'm really asking is how would I use TOTP with jwt's? I can probably figure it out once I know that.
I have my server set up to pull from either a session (provided in the cookie) or from the JWT. I also have totp set up.
The issue is I want to enforce totp for all cookie sessions, but for jwt sessions (generally meaning another service is making the request) it would probably not be necessary.
How do I differentiate between the two. Is there some way to modify the session via the Strategy callback?