Labels: enhancement (New feature or request)
Description
Describe the feature
Documentation for MFA: https://www.notion.so/OpenLogo-Multi-Factor-Authentication-MFA-2f22b168c4f0806dbd11e16bebd9f960?source=copy_link
Start Date: 26/01/2026
Changes that need to be done:
Schema Changes:
Extend the User schema to support MFA state management and secret handling.
```js
{
  mfaEnabled: {
    type: Boolean,
    default: false,
  },
  mfaSecret: {
    encrypted: { type: String, default: null },
    iv: { type: String, default: null },
    tag: { type: String, default: null } // Permanent encrypted mfa secret
  },
  mfaTempSecret: {
    type: String,
    default: null, // Temporary mfa secret
  },
  mfaTempSecretExpiresAt: {
    type: Date,
    default: null, // Expiration time to prevent misuse of mfaTempSecret
  },
}
```
API Route Additions:
The following routes must be added to support MFA authentication and lifecycle management.
Sign-in with MFA Enabled
POST /signin/mfa
```js
router.post("/mfa/signin", mfaSigninController);
```
Enable MFA (Setup)
POST /mfa/setup
```js
router.post("/mfa/enable", authMiddleware, mfaSetupController);
```
Verify MFA After Setup
POST /mfa/verify
```js
router.post("/mfa/verify", authMiddleware, mfaVerifyController);
```
Cancel MFA Setup
POST /mfa/cancel
```js
router.post("/mfa/cancel", authMiddleware, mfaSetupCancelController);
```
Disable MFA
POST /mfa/disable
```js
router.post("/mfa/disable", authMiddleware, mfaDisableController);
```
It should be implemented because
?
Additional context
No response
Confirmation
- I have searched for similar issues before creating this one.
- I have provided all the necessary information to understand this documentation issue.
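
An added example, not part of the original issue or the project's code: one way to fill the `mfaSecret` fields (`encrypted`, `iv`, `tag`) with AES-256-GCM in Node.js and to honour `mfaTempSecretExpiresAt` when the temporary secret is promoted after a successful `/mfa/verify`. The key source, the base64 encoding, the use of the user id as associated data, and all function names are assumptions.

```javascript
const crypto = require("node:crypto");

// Assumption: the 32-byte key comes from a secret store; generated here only so the example runs.
const MFA_KEY = crypto.randomBytes(32);

// Encrypt a TOTP secret into the { encrypted, iv, tag } shape of the mfaSecret field.
function encryptMfaSecret(secret, userId, key = MFA_KEY) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(String(userId))); // assumption: bind ciphertext to its user record
  const encrypted = Buffer.concat([cipher.update(secret, "utf8"), cipher.final()]);
  return {
    encrypted: encrypted.toString("base64"),
    iv: iv.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Decrypt; final() throws if ciphertext, iv, tag or userId does not match.
function decryptMfaSecret(stored, userId, key = MFA_KEY) {
  const iv = Buffer.from(stored.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  decipher.setAAD(Buffer.from(String(userId)));
  decipher.setAuthTag(Buffer.from(stored.tag, "base64"));
  return Buffer.concat([
    decipher.update(Buffer.from(stored.encrypted, "base64")),
    decipher.final(),
  ]).toString("utf8");
}

// True only while a pending setup secret exists and has not expired.
function tempSecretUsable(user, now = new Date()) {
  return Boolean(user.mfaTempSecret) &&
    user.mfaTempSecretExpiresAt instanceof Date &&
    now < user.mfaTempSecretExpiresAt;
}

// Call after the submitted TOTP code has been checked against mfaTempSecret.
function promoteTempSecret(user, now = new Date()) {
  if (!tempSecretUsable(user, now)) throw new Error("MFA setup expired or not started");
  user.mfaSecret = encryptMfaSecret(user.mfaTempSecret, user._id);
  user.mfaEnabled = true;
  user.mfaTempSecret = null; // the plaintext setup secret is cleared once promoted
  user.mfaTempSecretExpiresAt = null;
  return user;
}
```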