express authentication passport.js passport-local totp

How to implement optional two factor authentication with passportjs


I have implemented an API in Express with the passportjs local strategy for authentication. Now I would like to enforce security by adding the possibility for the user to log in using two-factor authentication. For that there is the passport-totp strategy; I read about it and saw some working examples, but I haven't yet found what I want to implement. I would like, on the same route (let's say /login), to check whether the authenticating user has 2FA previously enabled (this would be handled by user settings) or not. If it is enabled, the user is authenticated only if they complete the authentication by following the additional 2FA verification; if it is not enabled, the user is authenticated by their simple login/password credentials.

If anyone could explain to me how to do it (the big picture), or if you know of any example of a look-alike implementation, I would be very pleased!

Thank you


Solution

  • I ended up dropping passport-totp, implementing a simple authentication flow with the local strategy, and adding a custom layer to handle the second factor.
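
A sketch of such a custom second-factor layer, added here as an example and not the answerer's code: one login decision that checks the password first and asks for a TOTP code only when the user has 2FA enabled, rejecting a code that was already used. It uses only Node's `crypto` so it runs without Express or passport; the names `hotp`, `matchTotp`, `login`, the `users` map and the returned status strings are assumptions, and in an Express app `login` would be called from the /login handler or the local strategy's verify callback.

```javascript
const crypto = require('node:crypto');

// RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, truncated to 6 digits.
function hotp(secret, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const off = mac[19] & 0x0f;
  return String((mac.readUInt32BE(off) & 0x7fffffff) % 1e6).padStart(6, '0');
}

// RFC 6238 TOTP: 30 s steps, +/-1 step of clock skew. Returns the matched
// step number, or -1 when no step matches.
function matchTotp(secret, token, nowMs) {
  if (!/^\d{6}$/.test(String(token))) return -1;
  const step = Math.floor(nowMs / 30000);
  let hit = -1;
  for (const s of [step - 1, step, step + 1]) {
    if (crypto.timingSafeEqual(Buffer.from(hotp(secret, s)), Buffer.from(String(token)))) hit = s;
  }
  return hit;
}

const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);

// Constructed sample users; totpSecret is set only if the user enabled 2FA.
const users = new Map([
  ['alice', { salt: 's1', pwHash: hashPw('correct horse', 's1'),
              totpSecret: Buffer.from('12345678901234567890'), lastStep: -1 }],
  ['bob', { salt: 's2', pwHash: hashPw('hunter2', 's2'), totpSecret: null }],
]);

// One /login decision: password first, second factor only when enabled.
// 'totp_required' must not create a session; the client resubmits with a code.
function login(username, password, token, nowMs = Date.now()) {
  const u = users.get(username);
  if (!u || typeof password !== 'string') return 'denied';
  if (!crypto.timingSafeEqual(hashPw(password, u.salt), u.pwHash)) return 'denied';
  if (!u.totpSecret) return 'authenticated';
  if (token === undefined) return 'totp_required';
  const step = matchTotp(u.totpSecret, token, nowMs);
  if (step <= u.lastStep) return 'denied'; // no match, or code already used
  u.lastStep = step;
  return 'authenticated';
}
```
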