amazon-archives / amazon-cognito-identity-js

Amazon Cognito Identity SDK for JavaScript

Need clarification on entire TOTP setup process #676

Open ffxsam opened 6 years ago

ffxsam commented 6 years ago

I'm having trouble figuring out how to set up TOTP from start to finish:

  1. User enables MFA.
  2. User gets presented with a TOTP code (which I assume I can run through a QR code library to generate a QR).
  3. User syncs code with their choice of MFA software (Authy, 1Password, etc).
  4. User gets prompted to enter verification code from MFA device to confirm.

The documentation for this repo is pretty lacking, and it's quite difficult to figure out how to do all this.

Also, do they have to set up SMS first? I would hope that users don't need to do that, because many may not want to use their phone number, not to mention it's unreliable to depend on text message for 2FA (someone might be in a place with no cell access).

itrestian commented 6 years ago

No, SMS is not needed for TOTP. You would pretty much need to follow use cases 26 to 28 in the README for associating, verifying and enabling TOTP.

ffxsam commented 6 years ago

@itrestian Thanks for the help, I'll give it a try!
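
Steps 2 to 4 of the question, as an added example that is not part of the thread or the SDK's own code: the value handed back when TOTP is associated is a shared secret rather than a one-time code, it goes into an `otpauth://` URI for the QR library, and the authenticator app derives the verification codes from it per RFC 6238. Assumptions: the secret is base32 text, the app uses the common defaults (HMAC-SHA1, 30-second step, 6 digits), and `SECRET`, the issuer and the account name are constructed sample values.

```javascript
// Added example. SECRET is the public RFC 6238 test key, a constructed stand-in
// for the secret code the SDK passes to the associateSecretCode callback.
const { createHmac } = require("crypto");

const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
const SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ";

// Decode RFC 4648 base32 (padding and whitespace ignored) into raw key bytes.
function base32Decode(text) {
  const out = [];
  let bits = 0;
  let value = 0;
  for (const ch of text.replace(/[\s=]/g, "").toUpperCase()) {
    const idx = B32.indexOf(ch);
    if (idx < 0) throw new Error("invalid base32 character: " + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 6238 TOTP: HMAC the time-step counter, then dynamic truncation (RFC 4226).
function totp(secretB32, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = createHmac("sha1", base32Decode(secretB32)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const truncated = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(truncated % 10 ** digits).padStart(digits, "0");
}

// Build the string a QR library should encode; the secret never belongs in logs.
function otpauthUri(issuer, account, secretB32) {
  const label = encodeURIComponent(issuer) + ":" + encodeURIComponent(account);
  return `otpauth://totp/${label}?secret=${secretB32}&issuer=${encodeURIComponent(issuer)}`;
}

// Step 2: content for the QR code. Step 4: the code the user would type back.
console.log(otpauthUri("ExampleApp", "user@example.com", SECRET));
console.log(totp(SECRET, Math.floor(Date.now() / 1000)));
```

The six-digit string is what the user types in step 4 and what is then submitted to the SDK's verify call; the secret itself should only ever be shown once, during enrollment.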