Two-Factor Authentication (2FA) with TOTP

[Cedarich]

Labels: Backend, Security, Auth
Complexity: High (200 points) 🔐

Description

Add an extra layer of security by implementing Two-Factor Authentication using Time-based One-Time Passwords (TOTP).

Requirements / Context

• Use otplib or speakeasy.
• Flow: Enable 2FA -> Generate Secret -> Verify -> Require on Login.

Acceptance Criteria

• POST /auth/2fa/generate and POST /auth/2fa/enable.
• POST /auth/2fa/verify for login.
• QR code generation for authenticator apps.

---

[devcarole]

@devcarole has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

I would like to work on this issue because TOTP-based 2FA is a foundational security layer for any platform handling user accounts. I'll implement the full flow using otplib or speakeasy: secret generation, QR code output for authenticator apps, enable confirmation, and login-time verification across POST /auth/2fa/generate, /enable, and /verify.
Thanks!

ℹ️ Repo Maintainers: To accept this application, review their application or assign @devcarole to this issue.

[drips-wave]

Congratulations, @devcarole! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @devcarole: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊