ghga-de/datameta

Create administrative API endpoint to delete user's OTP token

Closed this issue · 1 comments

Add an endpoint DELETE:/totp-secret/{user_id} that enables site admins to delete a user's TOTP secret. This is required to recover from a situation where the user has lost access to the TOTP secret.

cschu commented

@lkuchenb should this be DELETE or POST? The secret is stored as a field of User, not in a separate table and would be set to NULL/None. I have implemented it as DELETE for now.
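A sketch of the authorization logic such an endpoint needs, added here as an illustration; it is not code from the datameta repository. The `User` and `App` classes, the `site_admin` and `totp_secret` field names, the audit log and the status codes are all assumptions, and the handler is framework-free so it runs on its own.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class User:
    # Hypothetical model: the TOTP secret is a nullable field of User,
    # as described in the comment above, not a row in a separate table.
    id: int
    site_admin: bool = False
    totp_secret: Optional[str] = None


@dataclass
class App:
    # Hypothetical in-memory stand-in for the database and an audit trail.
    users: Dict[int, User] = field(default_factory=dict)
    audit_log: List[Tuple[int, int, str]] = field(default_factory=list)


def delete_totp_secret(app: App, caller: Optional[User], user_id: int) -> int:
    """Handle DELETE /totp-secret/{user_id}; returns the HTTP status code."""
    if caller is None:
        return 401  # no authenticated caller
    # Authorize before the lookup so that a non-admin caller cannot use
    # 403-versus-404 responses to learn which user ids exist.
    if not caller.site_admin:
        return 403
    target = app.users.get(user_id)
    if target is None:
        return 404
    had_secret = target.totp_secret is not None
    target.totp_secret = None  # stored as NULL/None; the user must enrol again
    # Record who reset whose second factor, including repeated calls.
    app.audit_log.append((caller.id, target.id, "deleted" if had_secret else "noop"))
    return 204  # idempotent: a repeated DELETE leaves the same end state


def demo() -> App:
    # Constructed sample data, not taken from the project.
    app = App()
    app.users = {
        1: User(1, site_admin=True, totp_secret="ADMINSECRET"),
        2: User(2, totp_secret="USERSECRET"),
    }
    return app
```

Removing a second factor is an account-recovery action, so the audit entry is written even when the secret was already empty.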