OAuth2 for native app with 2-step sign in
gregsilin opened this issue · comments
Hi,
I would like to implement OAuth2 provider using your library with a two-step sign in. (After providing initial username / password, user is requested to fill in code sent by email / SMS)
Is this something that's possible using your library or would I have to implement my own custom flow.
Thank you!
I think you can manage two-step sign-in authentication in your system using code authentication of OAuth 2.0. (I have never implemented the authentication yet)
After authenticate user by 2-step sign in, your system just redirect to OAuth provider with code
of OAuth. Perhaps, you need to keep a state
parameter of OAuth that is generated by OAuth provider during authentication.
Thanks, i will try that! Could you confirm that it will also work for a native app? I assume for native app there is no redirect (unless I'm missing something)
Yes, I could already confirm it our service by using embed web browser on native app. (not 2-step sign in)
Conversely, I have no idea how to resolve this when native app uses password grant.