Two factor authentication using AngularJS, ASP.NET WebAPI and OAuth

Question

Two factor authentication using AngularJS, ASP.NET WebAPI and OAuth

My application uses two factor authentication with username / password followed by a code sent to the user via SMS or email. I am using cookies to remember users, but now I want to use bearer tokens in OAuth using OWIN instead.

Does OAuth solve two-factor authentication? If not, it would be a bad idea:

Client sends (posts) user credentials to /api/authentication

(ApiController)
- If the credentials are incorrect, the server responds 400 Bad Request
- If the credentials are correct, the server generates a code and sends it to the user via SMS. Then he replies 401 Unauthorize
  
  to the WWW-Authenticate: ???
  
  client
Client submit code to /token

(OAuth) withgrant_type=password&username={code}

+3

angularjs authentication asp.net-web-api oauth two-factor-authentication

Peter Hedberg 23 Sep 14 at 7:56

source to share

No one has answered this question yet

Check out similar questions:

240

What is the purpose of the implicit grant authorization type in OAuth 2?

175

SPA Best Practices for Authentication and Session Management

155

SSO with CAS or OAuth?

66

Authentication with AngularJS, Session Management and Security Issues with REST Api WS

31

AngularJS routing and authentication token with webapi

eleven

OAuth 2.0 - Why is the authorization server returning 400 instead of 401 when the resource owner's credentials are invalid?

ten

Using OAuth and Basic Auth in Asp.Net Web Api with Owin

3

How do I get authenticated from automated tests against WebAPI with Owin protection?

2

Custom two-factor authentication in WCF

0

oauth version 1 missing authentication credentials

Two factor authentication using AngularJS, ASP.NET WebAPI and OAuth

More articles: