Login flow + 2FA OTP

I am creating an API to do the OTP verification for a user with 2FA, since there is no API for use in curl. I have the code, but without the flow between the login and the OTP I cannot continue.

I have the user with 2FA activated, and I log in using an API REST client.

I get a token and I use it to query:

{"path": "ns.ovpnrw", "method": "list-users", "payload": {"instance": "ns_roadwarrior1"}}

But it returns the following; I know it's because of the lack of validation of the OTP:

{
  "code": 403,
  "data": null,
  "message": "you don't have permission to access this resource"
}

I think there must be a record that validates and generates a different token, or when validating the OTP it is given permissions to use the APIs (I am asking).

Each token tells me whether 2FA is activated or not, but I don't know if I'm missing something:

{
  "2fa": true,
  "actions": [],
  "exp": 1763601616,
  "id": "User2FA",
  "orig_iat": 1763515216,
  "role": ""
}

I was going to sleep, but I kept turning it over in my head until I knew how the process works. I found the flow: via the web, logging in does not generate the token; it is generated after validating the OTP. Tomorrow I will continue until I get it working in the app. I will not create the API, since I will use the NethSecurity one.

Ready. Tomorrow I will start the development to log in with a 2FA user from the app.


Good morning. I am developing the update for the use of OTP 2FA in the app; right now it's in the oven.