Home page
Hypermedia

Login challenge

At the end of this guide, you will have a secure 2FA verification step during login with dual rate limiting and support for both TOTP codes and recovery codes.

When a user with two-factor authentication enabled submits valid credentials, they are redirected to a challenge page instead of being logged in directly. The challenge page accepts either a 6-digit TOTP code from an authenticator app or a single-use recovery code.

The component includes:

  • Session controller modification to detect 2FA-enabled users
  • Challenge page with TOTP and recovery code modes
  • Dual rate limiting on the challenge endpoint
  • Alpine.js mode toggle between TOTP and recovery code input
Note

This guide requires you to complete the Two-Factor Setup, Two-Factor Enrollment, and Auth Login guides first.

Unlock access
Only Plus subscribers can access the documentation
Log in now