Two factor authentication using AngularJS, ASP.NET WebAPI and OAuth

My application uses two-factor authentication with username / password followed by a code sent to the user via SMS or email. I am using cookies to remember users, but now I want to use bearer tokens in OAuth using OWIN instead.

Does OAuth solve two-factor authentication? If not, it would be a bad idea:

  • Client sends (posts) user credentials to /api/authentication

    • If the credentials are incorrect, the server responds with 400 Bad Request

    • If the credentials are correct, the server generates a code and sends it to the user via SMS. Then it replies 401 Unauthorized with WWW-Authenticate: ???

  • Client submits the code to /token (OAuth) with grant_type=password&username={code}
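
The server-side state the two-step exchange above would need, as an added example that is not part of the original post and is not OWIN API code. The `PendingChallengeStore` class, its member names, the separate challenge id that ties the code to the user who passed step one, the 5-minute lifetime and the 3-attempt limit are all assumptions; the post itself sends only the code in `username`.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Added example: pending second-factor challenges. All names here are hypothetical.
public sealed class PendingChallengeStore
{
    private sealed class Challenge
    { public string UserId, Code; public DateTime ExpiresUtc; public int FailedAttempts; }

    private const int MaxAttempts = 3;                                    // assumed limit
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(5);  // assumed lifetime
    private readonly ConcurrentDictionary<string, Challenge> _pending =
        new ConcurrentDictionary<string, Challenge>();
    private readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create();

    // Step 1: call only after the username/password check has succeeded.
    // Returns a challenge id for the client; the code itself goes out via SMS or email.
    public string Issue(string userId, out string code)
    {
        var buf = new byte[4];
        uint n;
        do { _rng.GetBytes(buf); n = BitConverter.ToUInt32(buf, 0); }
        while (n >= 4294000000u);              // reject the tail so n % 1000000 is uniform
        code = (n % 1000000u).ToString("D6");
        var idBytes = new byte[16];
        _rng.GetBytes(idBytes);
        string id = BitConverter.ToString(idBytes).Replace("-", "");
        _pending[id] = new Challenge { UserId = userId, Code = code, ExpiresUtc = DateTime.UtcNow + Lifetime };
        return id;
    }

    // Step 2: returns the user id when the code matches this challenge, otherwise null.
    public string Redeem(string challengeId, string code)
    {
        Challenge c, removed;
        if (challengeId == null || code == null || !_pending.TryGetValue(challengeId, out c)) return null;
        lock (c)
        {
            if (DateTime.UtcNow > c.ExpiresUtc || c.FailedAttempts >= MaxAttempts)
            { _pending.TryRemove(challengeId, out removed); return null; }
            int diff = code.Length ^ c.Code.Length;      // compare without an early exit
            for (int i = 0; i < code.Length && i < c.Code.Length; i++) diff |= code[i] ^ c.Code[i];
            if (diff != 0) { c.FailedAttempts++; return null; }
            return _pending.TryRemove(challengeId, out removed) ? c.UserId : null;  // single use
        }
    }
}
```

In the flow from the question, `Issue` would run in the `/api/authentication` handler and `Redeem` in the `/token` grant handler, which issues the bearer token only for the returned user id.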

