Research & Implementation Path for TOTP (Authenticator Apps)

### Description
To improve security, we need to provide Time-based One-Time Password (TOTP) capabilities. We need to evaluate whether to use Zitadel’s built-in TOTP management or build a custom interface.

### Research Goals
* **Option A: Zitadel Auth-UI:** Can we utilize the Zitadel-hosted "MFA Setup" pages?
* **Option B: Custom API:** How difficult is it to fetch the secret/QR code via API and verify the first-time code through our own backend?
* **State Management:** How does the `auth-provider-zitadel` handle the MFA requirement status during the login flow if TOTP is enabled?

### Acceptance Criteria
- [ ] Documented API endpoints required for secret generation and verification.
- [ ] Proposed UI flow for QR code display and backup entry.
- [ ] Implementation plan for handling MFA challenges in the authentication bridge.

> [!NOTE]
>
> Preferred option is to leverage the implementation to the `auth-ui`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Research & Implementation Path for TOTP (Authenticator Apps) #66

Description

Research Goals

Acceptance Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Research & Implementation Path for TOTP (Authenticator Apps) #66

Description

Description

Research Goals

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions