Hello there, my dev team is using supertokens for managing authentication. The client requested two-factor authentication and I found out it's work in progress in supertokens. Is it possible to know how it's going? In how much time roughly it will be released?

Hey! What is the first and second factor that you need? It may already be possible to add this if we have the recipe for the second factor

Google Authenticator-like

ah i see. That will probably take several months. If you find another way of adding google authenticator, you can use that along with supertokens and it would work well. What you need to do is on session creation (after 1st factor), save a flag in the access token indicating that only the first factor is complete. Your APIs and sensitive routes on the frontend could allow access only if first and second factor is complete (as marked in the access token). If not, they could redirect the user to the second factor screen. After the second factor is done, you could update the access token to mark that both the factors are done granting the user access to the app. ----------- If not all users should have 2fa, you can even save that info in the access token after the first factor is done and change the API access logic accordingly.

that's probably how we're going to proceed then! Thank you so much

Do let us know if you require any assistance on this! Would be happy to help.