Goal: Finalize the "Kill-Switch" logic described in TORT.pdf and refine defensive aggression.
TOTP & Recovery Code Logic:
- Update rotateRefreshTokens controller to support the full flow:
  1. Detect Anomaly → 2. Refuse TOTP → 3. Demand Recovery Code.
- Implement endpoints for generating, displaying, and rotating Recovery Codes.
Tuning "Nuclear" Defenses:
- Refactor the strangeThings (Anomaly) logic to distinguish between Suspicious (Step-Up Auth required) and Malicious (Kill-Switch / Revoke All).
- Configuration: Add a REUSE_GRACE_PERIOD (e.g., 30s) config option for SaaS deployments to prevent user lockouts caused by network race conditions ("Sniper" false positives).
Libraries To Use