I’m using this plugin for 2FA on my app.
The plugin checks if the input 2FA code is valid by generating another code with a user’s secret. If the generated code matches the entered code, it logs in the user.
However, in order to generate a code to compare to the input code, it needs to fetch the user’s secret from their User object.
How can I set the Privacy Rules so that the user can only see their secret if the generated code matches the one that they entered? If I allow the user to see their own secret without any restrictions, they can simply bypass the 2FA.