nulab / scala-oauth2-provider

OAuth 2.0 server-side implementation written in Scala

OAuth2 for native app with 2-step sign in

gregsilin opened this issue · comments

Hi,

I would like to implement an OAuth2 provider using your library with a two-step sign in. (After providing the initial username / password, the user is requested to fill in a code sent by email / SMS.)

Is this something that's possible using your library, or would I have to implement my own custom flow?

Thank you!

I think you can manage two-step sign-in authentication in your system using the code authentication of OAuth 2.0. (I have not implemented this authentication yet.)

After authenticating the user by 2-step sign in, your system just redirects to the OAuth provider with the OAuth code. Perhaps you need to keep the OAuth state parameter that is generated by the OAuth provider during authentication.

Thanks, I will try that! Could you confirm that it will also work for a native app? I assume for a native app there is no redirect (unless I'm missing something).

Yes, I could already confirm it in our service by using an embedded web browser in the native app (not 2-step sign in).

Conversely, I have no idea how to resolve this when the native app uses the password grant.
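
The flow suggested in the replies above, as an added example that is not part of the thread and does not use scala-oauth2-provider's API: the authorization code, together with the `state` value received on the authorization request, is released only after the second step succeeds. All names are hypothetical; it assumes the redirect URI was already validated against the client registration and has no query string, and that the caller performs the password check and delivers the one-time code.

```scala
import java.net.URLEncoder
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import scala.collection.mutable

// Added illustration; every name here is hypothetical, not scala-oauth2-provider API.
// Assumes redirectUri was validated against the client registration beforehand.
object TwoStepAuthorize {
  private val rng = new SecureRandom()
  private def token(): String = {
    val b = new Array[Byte](32); rng.nextBytes(b)
    Base64.getUrlEncoder.withoutPadding.encodeToString(b)
  }

  // One in-flight authorization request, kept server-side between the two steps.
  final case class Pending(clientId: String, redirectUri: String, state: String,
      user: Option[String] = None, otp: Option[String] = None, attemptsLeft: Int = 3)

  // In-memory stores for the example only; a real service needs a shared store with expiry.
  private val pending = mutable.Map.empty[String, Pending]       // login-session id -> request
  val issuedCodes = mutable.Map.empty[String, (String, String)]  // code -> (clientId, user)

  /** Authorization request arrives: remember it, including the state value. */
  def begin(clientId: String, redirectUri: String, state: String): String = {
    val sid = token(); pending(sid) = Pending(clientId, redirectUri, state); sid
  }

  /** Step 1 passed (password checked by the caller): create the code to send by email/SMS. */
  def passwordOk(sid: String, user: String): Option[String] =
    pending.get(sid).map { p =>
      val otp = f"${rng.nextInt(1000000)}%06d"
      pending(sid) = p.copy(user = Some(user), otp = Some(otp)); otp
    }

  /** Step 2: only a correct one-time code yields the redirect with code and state. */
  def verifyOtp(sid: String, submitted: String): Either[String, String] =
    pending.get(sid) match {
      case Some(p @ Pending(_, _, _, Some(user), Some(otp), left)) =>
        if (MessageDigest.isEqual(otp.getBytes("UTF-8"), submitted.getBytes("UTF-8"))) {
          pending.remove(sid) // single use: the login session cannot be replayed
          val code = token(); issuedCodes(code) = (p.clientId, user)
          def enc(s: String) = URLEncoder.encode(s, "UTF-8")
          Right(s"${p.redirectUri}?code=${enc(code)}&state=${enc(p.state)}")
        } else if (left <= 1) { pending.remove(sid); Left("locked") }
        else { pending(sid) = p.copy(attemptsLeft = left - 1); Left("wrong_code") }
      case _ => Left("no_pending_login") // step 1 not completed, or unknown session
    }
}
```

Calling `verifyOtp` before `passwordOk` returns `Left("no_pending_login")`, so a client cannot skip the first step and still obtain a code.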