# MFA & Social Login (SSO)

## Multi-Factor Authentication (`/mfa`)
AuthTuna implements the TOTP standard (compatible with Google Authenticator, Authy, etc.) along with recovery codes.
| Endpoint | Function |
|---|---|
| /mfa/setup | Generates TOTP secret/QR code URI for setup. |
| /mfa/verify | Verifies the setup code to enable MFA. |
| /mfa/validate-login | Completes login using an MFA code or recovery code. |
| /mfa/disable | Disables MFA for the current user. |
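To show what the setup/verify/validate-login cycle above relies on, here is an added, self-contained example of RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits, as Google Authenticator and Authy expect) together with one-time recovery codes. This is illustrative code, not AuthTuna's own implementation: the function names, the `±1` step tolerance and the hashed recovery-code store are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional
from urllib.parse import quote

# Constructed example of RFC 6238 TOTP plus one-time recovery codes.
# Not AuthTuna's code; names and storage layout are assumptions.

STEP_SECONDS = 30   # period authenticator apps default to
DIGITS = 6          # code length authenticator apps default to


def new_secret(nbytes: int = 20) -> str:
    """Fresh base32 secret, the kind /mfa/setup would hand to the client."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def provisioning_uri(secret: str, account: str, issuer: str = "AuthTuna") -> str:
    """otpauth:// URI that is usually rendered as the setup QR code."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={STEP_SECONDS}")


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at: Optional[int] = None) -> str:
    """TOTP for the 30-second window containing `at` (epoch seconds; now if None)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    step = int(time.time() if at is None else at) // STEP_SECONDS
    return hotp(key, step)


def verify_totp(secret_b32: str, code: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Accept the current step and `window` neighbours on each side (clock drift).
    Constant-time comparison so a wrong guess leaks nothing about the right code."""
    code = code.strip()
    if len(code) != DIGITS or not code.isascii():
        return False
    now = int(time.time() if at is None else at)
    for delta in range(-window, window + 1):
        candidate = totp(secret_b32, now + delta * STEP_SECONDS)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def generate_recovery_codes(n: int = 8) -> tuple:
    """Return (plaintext codes to show the user once, hashes to persist).
    Only the hashes are stored, so a leaked table does not leak usable codes."""
    plain = [secrets.token_hex(5) for _ in range(n)]   # 10 hex chars each
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in plain}
    return plain, stored


def redeem_recovery_code(stored: set, code: str) -> bool:
    """Consume a recovery code: valid exactly once, removed from the set on use."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    for h in stored:
        if hmac.compare_digest(h, digest):
            stored.remove(h)
            return True
    return False


if __name__ == "__main__":
    # Constructed secret from RFC 6238 Appendix B ("12345678901234567890" in base32).
    rfc_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(totp(rfc_secret, at=59))          # RFC vector 94287082, last six digits
    print(provisioning_uri(new_secret(), "alice@example.com"))
```

The verification window is the usual compromise between rejecting users whose phone clock drifts and widening the set of codes an attacker could guess; keep it small and rate-limit `/mfa/validate-login` regardless.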
## Social Login (SSO)

If configured with client IDs and secrets, the `social_router` handles OAuth2 flows for providers like Google and GitHub, automatically linking or creating user accounts.

### Configuration

To enable SSO, you need to configure the following settings in your `.env` file:
#### Google SSO

```env
GOOGLE_CLIENT_ID="your-google-client-id"
GOOGLE_CLIENT_SECRET="your-google-client-secret"
```

You can obtain these credentials from the Google API Console. When creating your credentials, you'll need to specify the authorized redirect URIs. For AuthTuna, the redirect URI is `{API_BASE_URL}/auth/google/callback`.
#### GitHub SSO

```env
GITHUB_CLIENT_ID="your-github-client-id"
GITHUB_CLIENT_SECRET="your-github-client-secret"
```

You can obtain these credentials from your GitHub developer settings. When creating your OAuth App, you'll need to specify the authorization callback URL. For AuthTuna, the callback URL is `{API_BASE_URL}/auth/github/callback`.
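The following added example walks through the authorization-code flow the two configurations above feed: deriving the exact redirect URI that must be registered with the provider, building the authorization URL, checking the `state` value on the callback, and resolving the provider identity to a local account (link an existing account or create one). It is not the `social_router`'s own code: the function names, the in-memory `UserStore`, the requirement that account linking by e-mail only happens when the provider marks the address as verified, and the sample identities are all assumptions of this example. The provider endpoints and scopes are the public Google and GitHub ones; the token exchange that follows the callback is left out because it needs network access.

```python
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example of the OAuth2 authorization-code flow behind the
# GOOGLE_* / GITHUB_* settings. Not AuthTuna's code; names are assumptions.

PROVIDERS = {
    "google": {
        "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth",
        "scope": "openid email profile",
        "callback_path": "/auth/google/callback",
    },
    "github": {
        "authorize_url": "https://github.com/login/oauth/authorize",
        "scope": "read:user user:email",
        "callback_path": "/auth/github/callback",
    },
}


def redirect_uri(api_base_url: str, provider: str) -> str:
    """The value to register in the provider console; it must match byte for byte."""
    return api_base_url.rstrip("/") + PROVIDERS[provider]["callback_path"]


def new_state() -> str:
    """Per-login random value, stored in the session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(provider: str, client_id: str, api_base_url: str, state: str) -> str:
    p = PROVIDERS[provider]
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri(api_base_url, provider),
        "response_type": "code",
        "scope": p["scope"],
        "state": state,
    })
    return f"{p['authorize_url']}?{query}"


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code, but only if `state` matches the session's value;
    otherwise the callback was not started by this browser and must be rejected."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [""])[0]
    if not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not initiated by this session")
    if "error" in qs:
        raise ValueError(f"provider returned error: {qs['error'][0]}")
    return qs["code"][0]


@dataclass
class User:
    id: int
    email: str
    identities: set = field(default_factory=set)   # {(provider, subject)}


class UserStore:
    """In-memory stand-in for the user table (assumption, for illustration only)."""

    def __init__(self) -> None:
        self.users = []

    def link_or_create(self, provider: str, subject: str, email: str, email_verified: bool) -> User:
        """Resolve a provider identity to a local account:
        1. an identity that is already linked wins;
        2. an unverified address is refused (no linking or creating by e-mail);
        3. otherwise link to the account with that address, or create one."""
        for user in self.users:
            if (provider, subject) in user.identities:
                return user
        if not email_verified:
            raise ValueError("provider did not verify the e-mail address; refusing to link")
        for user in self.users:
            if user.email.casefold() == email.casefold():
                user.identities.add((provider, subject))
                return user
        user = User(id=len(self.users) + 1, email=email, identities={(provider, subject)})
        self.users.append(user)
        return user


if __name__ == "__main__":
    # Constructed sample values; the client id is a placeholder.
    state = new_state()
    print(build_authorize_url("github", "your-github-client-id", "https://api.example.com", state))
    store = UserStore()
    print(store.link_or_create("google", "sub-1", "alice@example.com", True))
```

The `state` check is what stops a login-CSRF style callback from binding an attacker's provider account to a victim's session, and the verified-e-mail rule is what stops an account at one provider with an unverified address from being linked to an existing local account that happens to use the same address.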