I want to implement two-factor authentication (2FA) in my application, where the 2FA codes are stored in the database. I want 2FA to be optional and only enabled for selected users. I am not sure how the login flow should look and what attributes I should check during the login process. Could you provide guidance on the database structure and example REST API endpoints?
Login Flow with 2FA

1. User Login:
   - The user enters their login credentials (username and password) in the login form.
   - The server verifies these credentials and checks whether the user has 2FA enabled.

2. 2FA Verification:
   - If the user has 2FA enabled, the server sends a 2FA code to the user via a pre-configured channel (e-mail).
   - The user enters the received 2FA code in an additional form.

3. Login Confirmation:
   - The server verifies the correctness of the 2FA code.
   - If the code is correct, the user is logged into the application.
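The flow above, as an added, self-contained example that is not part of the original answer. It models the two endpoints the question asks for (a first call with username and password, a second call with the e-mailed code) as plain Python functions over an in-memory SQLite database. The table names `users` and `login_challenges`, the endpoint names `/login` and `/login/2fa`, the constants, PBKDF2 for password hashing and SHA-256 for code hashing are all assumptions made for this example; the e-mail delivery is a callback so the code can be run offline.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

CODE_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5         # assumption: wrong guesses allowed before the challenge is discarded
PBKDF2_ROUNDS = 200_000  # assumption: tune to your hardware; higher is better

# Hypothetical schema. The 2FA code is stored only as a hash, and each pending
# login is tied to an opaque challenge token that the client must send back.
SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    username      TEXT UNIQUE NOT NULL,
    password_salt TEXT NOT NULL,
    password_hash TEXT NOT NULL,
    email         TEXT NOT NULL,
    twofa_enabled INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE login_challenges (
    token      TEXT PRIMARY KEY,
    user_id    INTEGER NOT NULL REFERENCES users(id),
    code_hash  TEXT NOT NULL,
    expires_at REAL NOT NULL,
    attempts   INTEGER NOT NULL DEFAULT 0,
    consumed   INTEGER NOT NULL DEFAULT 0
);
"""


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def _password_hash(password, salt_hex):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS).hex()


def _code_hash(code):
    # Codes are short-lived and single-use, so a plain hash is enough to keep a
    # leaked database from yielding usable codes.
    return hashlib.sha256(code.encode()).hexdigest()


def create_user(db, username, password, email, twofa_enabled=False):
    salt = secrets.token_hex(16)
    db.execute(
        "INSERT INTO users (username, password_salt, password_hash, email, twofa_enabled) VALUES (?, ?, ?, ?, ?)",
        (username, salt, _password_hash(password, salt), email, int(twofa_enabled)),
    )
    db.commit()


def login(db, username, password, send_code):
    """POST /login: check the password, then either open a session or issue a 2FA challenge."""
    row = db.execute(
        "SELECT id, password_salt, password_hash, email, twofa_enabled FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    # Always compute a hash so an unknown username takes as long as a wrong password.
    salt = row[1] if row else secrets.token_hex(16)
    expected = row[2] if row else _password_hash("", salt)
    if not hmac.compare_digest(_password_hash(password, salt), expected) or row is None:
        return {"status": "invalid_credentials"}
    user_id, _, _, email, twofa_enabled = row
    if not twofa_enabled:
        return {"status": "ok", "session": secrets.token_urlsafe(32)}
    code = f"{secrets.randbelow(10**6):06d}"
    token = secrets.token_urlsafe(32)
    db.execute(
        "INSERT INTO login_challenges (token, user_id, code_hash, expires_at) VALUES (?, ?, ?, ?)",
        (token, user_id, _code_hash(code), time.time() + CODE_TTL_SECONDS),
    )
    db.commit()
    send_code(email, code)  # delivery channel; the code itself never goes back to the client
    return {"status": "2fa_required", "challenge": token}


def verify_2fa(db, token, code):
    """POST /login/2fa: redeem the challenge token with the e-mailed code."""
    row = db.execute(
        "SELECT code_hash, expires_at, attempts, consumed FROM login_challenges WHERE token = ?",
        (token,),
    ).fetchone()
    if row is None:
        return {"status": "invalid_challenge"}
    code_hash, expires_at, attempts, consumed = row
    if consumed or time.time() > expires_at or attempts >= MAX_ATTEMPTS:
        db.execute("DELETE FROM login_challenges WHERE token = ?", (token,))
        db.commit()
        return {"status": "challenge_expired"}
    if not hmac.compare_digest(_code_hash(code), code_hash):
        db.execute("UPDATE login_challenges SET attempts = attempts + 1 WHERE token = ?", (token,))
        db.commit()
        return {"status": "invalid_code", "attempts_left": MAX_ATTEMPTS - attempts - 1}
    db.execute("UPDATE login_challenges SET consumed = 1 WHERE token = ?", (token,))  # single use
    db.commit()
    return {"status": "ok", "session": secrets.token_urlsafe(32)}
```

The points a practitioner should check in this design: the first endpoint never tells the client the code, only an opaque challenge token; the code is compared in constant time against a hash; a challenge expires by time, by attempt count, and after one successful use; and a user without 2FA enabled gets a session directly from the first call, so the optional behaviour is a per-user flag rather than a separate code path.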