At the moment of writing, the 2FA flow is unclear. We need to find out how it works.
Global overview
This application is an identity provider for other microservices.
Besides authenticating users by means of other microservices, it provides application-to-application authorization using the OAuth2 standard.
User authentication
As said before, this application doesn't handle authentication by itself. The actual authentication is performed by LoginProvider. This first step follows the OAuth2 standard, using the authorization code grant.
Because not all providers supported by login provider support 2FA, this application adds that layer on top of the externally performed authentication.
Application authentication
Applications that want to talk to other applications, like two microservices exchanging data, use this service as well. In this situation the microservice acting as a client requests an access token on accounts to get a valid key to access the resource service (the serving microservice).
The authentication flow follows the OAuth2 standard, using the client_credentials grant type.
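The application-to-application exchange described above, sketched as an added example (not code from this project): the client microservice builds a client_credentials token request as defined in RFC 6749 and validates the response before calling the resource service. The token URL, client id, secret, scope and sample response are hypothetical, constructed values.

```python
import base64
import json
import time
from urllib.parse import quote_plus, urlencode

# Hypothetical endpoint, not taken from the original page.
TOKEN_URL = "https://accounts.example.internal/oauth/token"


def build_token_request(client_id, client_secret, scope=None):
    """Return (url, headers, body) for a client_credentials request (RFC 6749, 4.4.2)."""
    # The client authenticates with HTTP Basic; id and secret are
    # form-encoded before base64 encoding (RFC 6749, 2.3.1).
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    params = {"grant_type": "client_credentials"}
    if scope:
        params["scope"] = scope
    return TOKEN_URL, headers, urlencode(params)


def parse_token_response(raw_json, now=None):
    """Validate a token response (RFC 6749, 5.1) and return what the client needs next."""
    now = time.time() if now is None else now
    data = json.loads(raw_json)
    if "error" in data:
        raise ValueError(f"token request rejected: {data['error']}")
    if not data.get("access_token"):
        raise ValueError("response has no access_token")
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unsupported token_type")
    return {
        # Header the client sends to the resource service.
        "authorization_header": "Bearer " + data["access_token"],
        # A missing expires_in is treated as already expired.
        "expires_at": now + int(data.get("expires_in", 0)),
    }


# Constructed sample response, shaped as an OAuth2 token endpoint returns it.
SAMPLE_RESPONSE = '{"access_token": "constructed-token-123", "token_type": "Bearer", "expires_in": 3600}'

if __name__ == "__main__":
    url, headers, body = build_token_request("billing-service", "s3cr3t/value", "orders.read")
    print("POST", url, body)
    print(parse_token_response(SAMPLE_RESPONSE, now=0))
```

The client secret travels only in the Authorization header of the token request; the resource service sees the bearer token alone.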