Allow use of the FactorGrantedAuthority.Builder constructor outside of the FactorGrantedAuthority class.
This would allow creating a FactorGrantedAuthority and setting an issuedAt value which isn't just the current date & time, which is currently the only possibility when creating a FactorGrantedAuthority.
For example, mfa last issued at (along with user agent and ip address) can be stored (for example in a database) so the user isn't prompted for X amount of time when next logging in.
It would make sense to then grant the FactoryAuthority with the issued at time stored in the database. So endpoints protected by a time duration for mfa would then trigger - e.g. user logs in the following day but isn't prompted for mfa at log in but should be for a secure page such as api token (which is configured in security to have mfa recently, such as 15 mins).
Allow use of the FactorGrantedAuthority.Builder constructor outside of the FactorGrantedAuthority class.
This would allow creating a FactorGrantedAuthority and setting an issuedAt value which isn't just the current date & time, which is currently the only possibility when creating a FactorGrantedAuthority.
For example, mfa last issued at (along with user agent and ip address) can be stored (for example in a database) so the user isn't prompted for X amount of time when next logging in.
It would make sense to then grant the FactoryAuthority with the issued at time stored in the database. So endpoints protected by a time duration for mfa would then trigger - e.g. user logs in the following day but isn't prompted for mfa at log in but should be for a secure page such as api token (which is configured in security to have mfa recently, such as 15 mins).