Hi all, I'm looking into 2 factor authentication for my Wicket Application.
Currently, I have a simple implementation where the user prepends a code to his password and the authenticate method uses that part as second factor. However, I would like a nicer interface (like, for example, google uses). In this interface, the user first enters his username and password. If they match, the user is taken to a second login-screen where he can enter a code / pick an option (app/text/call) to get a code. I want to implement something similar in Wicket (using the AuthenticatedWebapplication), but I'm not sure how to handle the Session. I have thought of two options: 1. On successful username/password, set a role and redirect to the CodePage. The user is 'signedIn' in the session (but not really, so this seems a bit hacky) 2. Create a custom SignIn page, where username and password are checked in the backend, passed on the the CodePage, and have the CodePage call authenticate(). But there might be better alternatives as well. What do you think is the best approach? -Rob