enum TFAType {
   TOTP = 0,
   BACKUP_CODE = 1,
   WEBAUTHN = 2,
   APP_ALLOW = 3
}

type TFAOption {
   id: string;
   name?: string;
   expires?: int;
   tfatype: TFAType;
}

type TFANewTOTP {
   id: string;
   secret: string;
   qr: string;
}

type TFAWebAuthRegister {
   id: string;
   challenge: string;
}

service TFAService {
   GetOptions(): TFAOption[];
   Delete(id: string): void;

   AddTOTP(name: string): TFANewTOTP;
   VerifyTOTP(id: string, code: string): void;

   AddWebauthn(name: string): TFAWebAuthRegister;
   VerifyWebAuthn(id: string, registration_response: string): void;

   AddBackupCodes(name:string): string[];
   RemoveBackupCodes(id: string): void;
}