AshAuthentication.Strategy.Totp.GeneratePendingSetupChange
(ash_authentication v5.0.0-rc.5)
Copy Markdown
View Source
Generates a pending TOTP setup for two-step confirmation.
This change is used when confirm_setup_enabled? is true. Instead of storing
the secret directly on the user, it:
- Generates a new TOTP secret
- Creates a setup token containing the secret
- Stores the token in the token resource
- Returns the setup_token and totp_url in the user's metadata
The user must then call the confirm_setup action with a valid TOTP code to activate the secret.