Added Two Factor Authentication (2FA)

[allenpigar]

No description provided.

[shrunyan]

What is the purpose of having verify2FaAuto and verify2Fa?
Why do the functions require a bearer token? There would be no session at this point in the login flow.

[allenpigar]

Hi @shrunyan , verify2FaAuto and verify2Fa are function for checking if MFA token are verified once the two-factor authentication is enable during login.
if the user tried to login with two-factor authentication is enabled, they will receive this response,

MFA Flow

1. Login account using credentials email and password.
2. if account requires 2FA, notification will be sent from authy app for confirmation.
3. verify token. Either provide mfa token from authy or approve the login request from the app.
   • use verify2Fa(session_token, mfa_token) to manually validate session token and mfa token.
   • verify2FaAuto(session_token) doesnt require mfa token from the app but need to keep on firing until the user approves the login request from the app.
4. if verified, continue login

[shrunyan]

How will verify2FaAuto keep firing? Is it expected that the consumer of the function manages the continually calling until the MFA is verified?

[allenpigar]

Yes, user must provide the logic to manage the continues firing of the function. this implementation is same used as accounts login.

[shrunyan]

If the "auto" nature of the process is implemented by the sdk consumer I do not see why we would need two variations of this function. i.e. the verify2fa and verify2faAuto