Need Help: Implementing 2FA with Google OAuth Login

Problem

I need to add 2FA (OTP verification) after successful Google OAuth login, but Meteor’s OAuth packages don’t provide any way to interrupt the login flow.

Current Code

Meteor.loginWithGoogle({
  requestPermissions: ['email', 'profile'],
  loginStyle: 'popup'
}, (error) => {
  setGoogleLoading(false);
  
  if (error) {
    // Handle errors
    setError(error.reason || 'Google login failed');
  } else {
    // User is immediately logged in - NO way to stop here for 2FA
    console.log('Google login successful');
    onSuccess(); // This happens immediately, no 2FA step possible
  }
});

The Core Issue

There’s no error condition or callback for 2FA in Meteor’s OAuth system. The flow is binary:

  • OAuth succeeds → User immediately logged in

  • OAuth fails → Error thrown

There’s no intermediate state or callback for additional verification steps.

What I Need

I want to intercept the login flow after Google OAuth succeeds but before the user session is created, so I can:

  1. Get Google OAuth token/user info

  2. Show 2FA/OTP prompt (No way to pause here)

  3. Validate OTP

  4. Complete login

Do I need to:

  • Abandon Meteor.loginWithGoogle entirely?

  • Implement custom OAuth flow manually?

  • Use some other approach?

Questions for the Community

  1. Has anyone successfully extended existing 2FA systems to work with OAuth?

  2. Are there hooks in Meteor’s accounts system I can use to intercept OAuth completion?

  3. Should I implement custom OAuth flow to integrate with my existing 2FA methods?

  4. Any packages that make OAuth providers work with custom authentication flows?

Since I already have the 2FA infrastructure working, I’m hoping there’s a way to “plug in” OAuth providers without rebuilding everything.

Complete Working Example: GitHub - bluehive-health/meteor-mfa-example

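One way to get the intermediate state the post asks for, shown as an added example (not the poster's code, not taken from the linked repository, and not Meteor's own): reject the first Google login attempt from a server-side `Accounts.validateLoginAttempt` callback until an OTP has been verified for that connection. `createOtpGate`, `userHasOtp`, `checkOtp`, the `otp.submit` method name and the `otp-required` error code are hypothetical; the logic is written as plain functions so it runs without Meteor.

```javascript
// Added example. Only Accounts.validateLoginAttempt and the fields of its
// `attempt` argument are Meteor API; every other name here is hypothetical.
const OAUTH_TYPES = new Set(['google']); // attempt.type is the service name
const PENDING_TTL_MS = 5 * 60 * 1000;
const MAX_FAILURES = 5;

function createOtpGate({ userHasOtp, checkOtp, now = Date.now }) {
  const pending = new Map();  // connection id -> { userId, verified, expires }
  const failures = new Map(); // user id -> consecutive wrong codes

  // Same shape as the callback given to Accounts.validateLoginAttempt.
  function validateLoginAttempt(attempt) {
    if (!attempt.allowed) return false;              // OAuth itself failed
    if (!OAUTH_TYPES.has(attempt.type)) return true; // other login types: not gated here
    const userId = attempt.user._id;
    if (!userHasOtp(userId)) return true;
    const connId = attempt.connection.id;
    const entry = pending.get(connId);
    if (entry && entry.userId === userId && entry.verified && entry.expires > now()) {
      pending.delete(connId);                        // verification is single use
      return true;                                   // the session is created now
    }
    pending.set(connId, { userId, verified: false, expires: now() + PENDING_TTL_MS });
    const err = new Error('OTP required');           // in Meteor: new Meteor.Error('otp-required')
    err.error = 'otp-required';
    throw err;                                       // login is refused, no session exists
  }

  // Body of a server method the client calls while still logged out.
  function submitOtp(connId, code) {
    const entry = pending.get(connId);
    if (!entry || entry.expires <= now()) return false;
    const tries = failures.get(entry.userId) || 0;
    if (tries >= MAX_FAILURES) return false;         // locked; reset policy is up to the app
    if (!checkOtp(entry.userId, code)) { failures.set(entry.userId, tries + 1); return false; }
    failures.delete(entry.userId);
    entry.verified = true;
    return true;
  }

  return { validateLoginAttempt, submitOtp };
}

// Wiring on a Meteor server (not executed in this standalone block):
//   const gate = createOtpGate({ userHasOtp, checkOtp });
//   Accounts.validateLoginAttempt((attempt) => gate.validateLoginAttempt(attempt));
//   Meteor.methods({ 'otp.submit'(code) { return gate.submitOtp(this.connection.id, code); } });
```

On the client, an `otp-required` error in the `Meteor.loginWithGoogle` callback shows the OTP prompt, and once `otp.submit` returns true the client calls `Meteor.loginWithGoogle` again on the same connection. The in-memory maps assume a single server process.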