I am building a Spring Boot application (MVC) and configured OIDC authentication. I would like to add a second-factor authentication step to my app, but I can't figure out how to do so. The flow that I want to implement is as follows:
- my app receives a valid OIDC token from the OIDC Provider (at this point Spring typically creates the session in my application. But I need to do some further validation steps before creating the session)
- my app makes an API call to a 3rd party service to check if further authentication steps are needed
- if needed asks the user for further data (an OTP or something else)
- my app makes an API call to a 3rd party service to check the further data received from the user
- if valid an application session is created by Spring
What is needed in terms of configurations/extensions to achieve the above?
