I have a PHP Laravel backend application that uses the Passport package for authentication. I want to integrate Two-Factor Authentication (2FA) using Twilio into the login flow.
The issue I’m facing is that the /oauth/token API in Laravel Passport automatically creates an access token and authenticates the user as soon as valid credentials are provided. Because of this, there’s no opportunity to introduce a 2FA step before the token is issued.
My goal is to:
- Validate the user’s credentials (email and password).
- If 2FA is enabled for the user, send a verification code via Twilio and require the user to verify it.
- Issue the access token only after the 2FA verification is successfully completed.
How can I modify or extend the Passport authentication flow to achieve this? Any guidance or examples would be greatly appreciated!
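The three steps listed in the question, sketched as a framework-neutral gate in PHP 8. This is an added example, not part of the original post and not Passport's or Twilio's own code. `TwoFactorGate`, `$sendCode` and `$issueToken` are hypothetical names: the caller is assumed to have already checked the email and password, and to inject the SMS delivery and token issuance as closures.

```php
<?php
declare(strict_types=1);
// Added illustration: TwoFactorGate and both injected closures are hypothetical names,
// not Passport or Twilio APIs. The in-memory array stands in for a shared cache with a TTL.
final class TwoFactorGate
{
    private const TTL = 300;        // seconds a challenge stays valid
    private const MAX_ATTEMPTS = 5; // wrong codes tolerated before the challenge is discarded
    private array $pending = [];    // challengeId => [user, hash, exp, tries]

    public function __construct(
        private \Closure $sendCode,   // fn(int $userId, string $code): void, e.g. an SMS sender
        private \Closure $issueToken, // fn(int $userId): string, e.g. the OAuth token issuer
    ) {}

    // Steps 1-2: call only after the credentials were validated. Returns a token or a challenge.
    public function begin(int $userId, bool $twoFactorEnabled, ?int $now = null): array
    {
        if (!$twoFactorEnabled) {
            return ['access_token' => ($this->issueToken)($userId)];
        }
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        $challengeId = bin2hex(random_bytes(16)); // unguessable handle returned to the client
        $this->pending[$challengeId] = [
            'user'  => $userId,
            'hash'  => hash('sha256', $code),     // store a hash, not the code itself
            'exp'   => ($now ?? time()) + self::TTL,
            'tries' => 0,
        ];
        ($this->sendCode)($userId, $code);
        return ['challenge_id' => $challengeId];  // no access token is issued at this point
    }

    // Step 3: the token is issued only for a live, unexhausted challenge and a matching code.
    public function verify(string $challengeId, string $code, ?int $now = null): ?string
    {
        $c = $this->pending[$challengeId] ?? null;
        if ($c === null || ($now ?? time()) > $c['exp'] || $c['tries'] >= self::MAX_ATTEMPTS) {
            unset($this->pending[$challengeId]);  // expired or exhausted: force a new login
            return null;
        }
        if (!hash_equals($c['hash'], hash('sha256', $code))) { // constant-time comparison
            $this->pending[$challengeId]['tries']++;
            return null;
        }
        unset($this->pending[$challengeId]);      // single use: a code cannot be replayed
        return ($this->issueToken)($c['user']);
    }
}
```

The challenge binds the code to the user who passed the password check, so the verification request carries only `challenge_id` and the code, never the credentials again.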