Progressing on adding google auth compatible two factor authentication to !gnusocial.   I'm trying to figure out the trickiest bit so far which is hooking into the authentication process.  There is an onEndPasswordCheck event which seems to give a hook into the login process but it has no way of affecting things downstream in an easy way.  I'm suspecting I'm going to have to do this how OpenID, etc does it and implement an entire authorization provider that does the standard flow that core and Qvitter use and just so happens to include this extra MFA step.  But then I'm not sure how its going to integrate with Qvitter.

Not giving up, just need to figure out the best way to do this.  Any suggestions welcome.