Extension:OATHAuth

The OATHAuth extension is a time-based one-time password (TOTP) implementation. It provides two-factor authentication via something you have (your phone or desktop client) and something you know (your user name/password). Client support is available for most feature phones, smartphones and desktops (see Client implementations). This extension has nothing to do with OAuth, which is a totally different protocol.

Configuration

 * $wgOATHAuthWindowRadius
 * Defaults to " ". Controls ... TODO


 * $wgOATHAuthDatabase
 * Defauls to " ". Controls ... TODO


 * $wgOATHAuthSecret
 * Defauls to " ". Controls ... TODO


 * $wgOATHAuthAccountPrefix
 * Defauls to " ". Controls ... TODO

Granting access to enable OATHAuth
Users should be given access to the  user right so that they can enable it at Special:OATHAuth (a link to which appears at Special:Preferences).

The above will grant all registered users access to enable OATHAuth.

Resetting a user token
In the event that a user both loses their token generator AND the recovery tokens; two-factor authentication may be removed from the user by deleting their row from the  database table. A sysadmin with shell access may type on a command line  and then execute   where is the user to have 2FA disabled to have it disabled.