Hi! I tried to take some time to look into this. I'm going to take a guess that you looked at this page to find out about the mentioned authentications (DIGEST_AUTH, WEBDAV_BASIC_AUTH, ANONYMOUS_AUTH).

http://explorer.nuxeo.com/nuxeo/site/distribution/cap-8.3/viewExtensionPoint/org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService--specificChains

As for your question, I'm not sure if OTP authentication is used. I've been trying to find other examples of plugins used for the RestAPI specificAuthenticationChain extension, but haven't found any that use other auths. When looking on my own local copy of nuxeo, this is already setup in the file directory (While in the nuxeo root directory): nxserver/web/root.war/modules/org.nuxeo.ecm.platform.restapi.server/OSGI-INF/auth-contrib.xml

Here that code snippet in your question is already established in nuxeo to use TOKEN_AUTH and AUTOMATION_BASIC_AUTH.

The only other alternative I can think of is to do a java approach to handling a one-time password, if you're looking at this for password retrieval. Nuxeo has 2 blog posts on customizing this process with these: https://www.nuxeo.com/blog/monday-dev-heaven-add-forgotten-password-functionality-nuxeo-part-12/ https://www.nuxeo.com/blog/monday-dev-heaven-add-forgotten-password-functionality-nuxeo-part-22/