· Jul 25

2FA on REST API with JWT

I successfully setup a REST web application with JWT enabled, which is fantastic.  My next configuration 'challenge' is to add 2FA to this REST app.  First question first - is this possible with the OpenAPI generated /login?  The end goal is to build out a SPA (React) using /login for the JWT and adding the Auth bearer token for api calls.  I'd like to prevent the token generation until the 2FA is satisfied - or generate the token, but test if the 2FA is satisfied before allowing calls forward.  Hope that's clear.

Discussion (5)1
Log in or sign up to continue

Oh I see... I'm still studying the case, but here is an idea:

Instead of having the client access directly the /login, you can put a layer between them. The client access your layer, that forwards the request to the /login, receives the response but only sends it after the 2FA. Does it work for you?

Also, idk if you have checked it out already, but this link might help: