robere2
commented
1 year ago I've been looking into Supertokens, which appears to have improved quite a bit since I last looked at it. This could replace all of our authentication needs, which is likely a good idea anyway. Managing authentication workflow adds unnecessary risk to our goals with this project.
Note, Supertokens seems to only support 2FA via email and SMS as of writing this comment, however more methods are in the works.
Users should be able to enable two-factor authentication for their account. Additionally, groups/users should have an additional property specifying whether 2FA is required for that user/members of that group.
Possible 2FA methods: