feat(auth): implement TOTP two-factor authentication with enrollment and verification

Adds TOTP (Time-based One-Time Password) two-factor authentication support including:
- New TOTP service with secret generation, QR code provisioning, and code verification
- New auth endpoints for enrollment, verification, status, and backup code management
- New TOTP authentication method type and user methods for TOTP management
- Backup codes generation and verification for account recovery
- Updated OIDC endpoints with timezone-aware datetime handling and RFC-compliant responses
- Added "roles" scope support for OIDC userinfo and ID tokens
- New pyotp dependency for TOTP operations
- Comprehensive unit tests for TOTP service

This commit is contained in:

Cory Hawklvelt

2026-01-14 18:06:17 +10:30

parent 977abf66df

commit cfd79190ee

26 changed files with 2176 additions and 263 deletions

									
										README.md
									
		+4
		
												View File
												
				@@ -305,3 +305,7 @@ client_secret: acme_secret_portal_2024

				## User

				email: bob@acme-corp.com

				password: UserPass123!

				## Sqlite editor

				sqlite_web instance/db_file.db --port 9999 --host 0.0.0.0