As a suggestion for what to implement (I'm biased because I work there) but I'd encourage you to check out Stytch (https://stytch.com). We're an API-first authentication, authorization and fraud prevention B2C and B2B solution with several methods including email/password, email magic links, social logins and 2FA (OTP, TOTP).
As a suggestion for what to implement (I'm biased because I work there) but I'd encourage you to check out Stytch (https://stytch.com). We're an API-first authentication, authorization and fraud prevention B2C and B2B solution with several methods including email/password, email magic links, social logins and 2FA (OTP, TOTP).