We want to use the Doorkeeper gem to implement an OAuth provider in our app. However, we use 2 factor auth in the login process, so we need a way to modify the password grant to accept email, password and a 2fa token (and respond with an appropriate error if the 2fa token is required and missing).

Users often forget to save their recovery codes when enabling 2FA. If you added an SSH key to your GitLab account, you can generate a new set of recovery codes with SSH:

Two-factor authentication, commonly abbreviated as 2FA, is any form of verification that requires two factors, like withdrawing money from an ATM using both a bank card and its PIN.