2FA with TOTP using Google Authenticator for self service app

[PRASHANT KHANDELWAL <f2...@pilani.bits-pilani.ac.in>]

Hi Ed,
I am working on the feature to add support for 2FA using Google
Authenticator.
I got to know about the previous implementations of similar feature
regarding this.
Here are some of the links:

   1.
   https://mifosforge.jira.com/wiki/spaces/projects/pages/185277689/GSoC+2017+-+Two-Factor+Authentication#GSoC2017-Two-FactorAuthentication-api_delivery
   2. https://github.com/apache/fineract/pull/374
   3. https://github.com/openMF/android-client/pull/727

These include the implementation of 2FA using SMS/email. Fineract has this
merged already.
I don't see any way how can I use the existing implementation to implement
Time based OTP 2FA.
Using Google Authenticator is an option. To implement it on Android, this
library <https://github.com/wstrange/GoogleAuth> does the job easily.
Now, for this whole system to work, I need to save one more parameter,
'google_authenticator_key' to the server associated with the user.
So, I would be needing two changes to the API:
1. A new API endpoint to save/update the 'google_authenticator_key' against
the user.
2. To update the authentication API endpoint to also return the
'google_authenticator_key'.

It would be really helpful if someone can help me with this or connect me
to the right person.
--
Regards,
*Prashant Khandelwal*
M.Sc.(Hons.) Mathematics and B.E.(Hons.) Computer Science

Mobile: +91 8077653023 | +91 8267851475

Email: Personal <pr...@gmai.com> | BITS Mail
<f2...@pilani.bits-pilani.ac.in>

*Birla Institute of Technology and Science Pilani*

*Vidya Vihar, Pilani*
*Rajasthan - 333031, India*