Two factor authentication using AngularJS, ASP.NET WebAPI and OAuth
My application uses two factor authentication with username / password followed by a code sent to the user via SMS or email. I am using cookies to remember users, but now I want to use bearer tokens in OAuth using OWIN instead.
Does OAuth solve two-factor authentication? If not, it would be a bad idea:
- Client sends (posts) user credentials to
/api/authentication
(ApiController)- If the credentials are incorrect, the server responds
400 Bad Request
- If the credentials are correct, the server generates a code and sends it to the user via SMS. Then he replies
401 Unauthorize
to theWWW-Authenticate: ???
client
- If the credentials are incorrect, the server responds
- Client submit code to
/token
(OAuth) withgrant_type=password&username={code}
+3
source to share
No one has answered this question yet
Check out similar questions: