Add MFA support

[HeyJoel]

Add MFA support to the user auth system. As referenced by #554.

[JornWildt]

Does Cofoundry support OpenID Connect out of the box (Asp.Net Core does)? If so, wouldn't it make sense to redelegate auth to an external IdP - in which you could use all sorts of authentication mechanisms - instead of trying to keep up with all the ways to do auth?

[HeyJoel]

@JornWildt We only support local user accounts at present. #200 and #163 cover external auth. Yes it would be ideal to redelegate auth, but a local user accounts system will always be required as a baseline feature. External providers would be a higher priority to MFA support for local user accounts because like you say, it's easier to defer to a 3rd party than trying to keep up.

[JornWildt]

We only support local user accounts at present. #200 and #163 cover external auth. Yes it would be ideal to redelegate auth, but a local user accounts system will always be required as a baseline feature. External providers would be a higher priority to MFA support for local user accounts because like you say, it's easier to defer to a 3rd party than trying to keep up.

Thanks. I'm missing something here or simply using the wrong words. For me "external auth" is the same as "External providers" as well as "single sign on" (using an external identity provider) - but it sounds like there is a difference?

You can combine external identity providers with local accounts by associating local accounts with a login to an external IdP. So requiring local accounts is just fine.

[HeyJoel]

I'm not sure exactly what you're questioning here, but #163 covers external auth/external providers/SSO/IdPs etc. #200 is just about exposing the AuthenticationBuilder so you can do whatever you like with it.

[JornWildt]

Never mind :-) Lets not use more time on that.