2 factor authentication workflow integrating best practise


The OAuth2 flow base on:

And I found that Hydra supports 2FA already from issues:

After accepting login with the subject, remember… etc. There is acr file for 2FA
So how to implement & integrating 2FA flow here?


Hydra does not implement any 2FA/MFA schemes, this was the case a long time ago with the first prototype but is no longer so. MFA is the sole responsibility of your login endpoint, how you implement it is up to you. If you would like MFA to be compatible with OpenID Connect spec, you should consider the acr values which are sent as part of the HTTP call with the login challenge to ORY Hydra.