Concept

Two-factor authentication

Planned TOTP-based two-factor authentication — authenticator app integration, QR code provisioning, and recovery codes.

Two-factor authentication (2FA/TOTP) is not yet implemented in BitzOrcas. It is planned as an enhancement to the authentication system.

Planned implementation

Flow

1. Login with username + password
2. 2FA enabled?
   No  → Issue JWT → Done
   Yes → Enter TOTP code from authenticator app → Validate TOTP → Issue JWT → Done

TOTP verification

// Planned: Time-based OTP validation
public interface ITotpVerifier
{
    bool VerifyCode(string secret, string code);
    string GenerateSecret();
    string GenerateQrCodeUri(string email, string secret);
}
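
An added sketch (not BitzOrcas code) of what VerifyCode could do under RFC 6238, using the 6-digit code length and 30-second validity from the planned configuration. The TotpSketch class, the Base32 secret encoding, HMAC-SHA1, the one-step drift window and the extra now parameter (for deterministic testing) are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not BitzOrcas code. Assumptions: Base32 secrets, HMAC-SHA1,
// +/-1 step of clock drift; Digits and StepSeconds mirror the planned config.
public static class TotpSketch
{
    private const int Digits = 6, StepSeconds = 30, DriftSteps = 1;

    public static bool VerifyCode(string secret, string code, DateTimeOffset now)
    {
        if (code is null || code.Length != Digits || !code.All(c => c >= '0' && c <= '9')) return false;
        byte[] key = Base32Decode(secret);
        long step = now.ToUnixTimeSeconds() / StepSeconds;
        bool ok = false;
        for (long d = -DriftSteps; d <= DriftSteps; d++)   // no early exit: every step is compared
            ok |= CryptographicOperations.FixedTimeEquals(  // constant-time digit comparison
                Encoding.ASCII.GetBytes(Hotp(key, step + d)), Encoding.ASCII.GetBytes(code));
        return ok; // caller should also reject a reused time step and rate-limit attempts
    }

    public static string Hotp(byte[] key, long counter)     // RFC 4226 dynamic truncation
    {
        byte[] msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg); // counter is hashed big-endian
        using var hmac = new HMACSHA1(key);
        byte[] mac = hmac.ComputeHash(msg);
        int o = mac[mac.Length - 1] & 0x0F;
        int bin = ((mac[o] & 0x7F) << 24) | (mac[o + 1] << 16) | (mac[o + 2] << 8) | mac[o + 3];
        return (bin % 1_000_000).ToString("D6");             // 10^Digits, zero-padded
    }

    public static byte[] Base32Decode(string s)
    {
        const string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
        s = s.TrimEnd('=').ToUpperInvariant();
        byte[] bytes = new byte[s.Length * 5 / 8];
        int buf = 0, bits = 0, n = 0;
        foreach (char c in s)
        {
            int v = alphabet.IndexOf(c);
            if (v < 0) throw new FormatException("Secret is not Base32.");
            buf = (buf << 5) | v; bits += 5;
            if (bits >= 8) { bits -= 8; bytes[n++] = (byte)(buf >> bits); buf &= (1 << bits) - 1; }
        }
        return bytes;
    }
}
```

With the RFC 6238 test key in Base32 (GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ), VerifyCode(key, "287082", DateTimeOffset.FromUnixTimeSeconds(59)) returns true.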

Recovery codes

One-time recovery codes for account recovery when the authenticator is unavailable.

Configuration (planned)

{
  "TwoFactor": {
    "Enabled": true,
    "Issuer": "BitzOrcas Platform",
    "CodeLength": 6,
    "CodeValiditySeconds": 30
  }
}