- Issue created by @jibus
- πΊπΈUnited States cmlara
Possibly already solved by π Decorate the user.auth service Fixed ?
Any calls to the UserAuth service (in 2.x) will require an OTP be present if configured for the user.
UI presentation would be up to the frontend app.
- π«π·France jibus
Yes, I saw this thread but it's not documented. Also, I think, the setup is not headless.
- πΊπΈUnited States cmlara
I saw this thread but it's not documented.
We can probalby open a folowup issue to document it. We added it before adopting GItLab Pages for technical documents.
Also, I think, the setup is not headless.
Good point, I'm going to need community feedback on that part as I haven not spent much time with headless setups.
Key initial concerns I would need scoping data on are:
API specs, both for plugins and for TFA to implement for external access. This will need to account for fact that each plugin type is different (do not cater just to HOTP/TOTP, assume plugins may do something more complex like profiling the installed hardware to make a device fingerprint).
Where is the cutover between module and UI, and how much 'internal knowledge' does that require having. - πΊπΈUnited States oknate Greater New York City Area
If you're using oauth2, you need to tell TFA to skip oauth2:
```
parameters:
tfa.auth_provider_bypass:
- 'oauth2'
```