Use Case :
- Mobile App logs into frappe for consuming REST API
- App user is not expected to remember passwords. Password won’t be asked. Only the OTP will be verified and bearer token will be handed.
- Mobile number is username
Server Side Frappe App :
Basic endpoints for non-standard otp generation and authentication.
NOTE: this is not standard TOTP mentioned here RFC 6238 - TOTP: Time-Based One-Time Password Algorithm. This was developed specifically because enter password step needed to be dropped
Standards based OTP (pyotp) generation and 2FA is being contributed and is recommended.
Mobile OTP Authenticator Library for Android
This is Kotlin based library, can be imported in Java app.
XMLs designed are very basic, after importing the library override them with your own cool designs and keep the names same in your app.
It uses SmsVerifyCatcher to read the SMS. Login screen copies OTP into OTP input and proceeds automatically once SMS is received.
Everthing else is same as OAuth2Authenticator