Is it possible to use a Radius Server w/LinOTP for a web app?

Started by dwood, March 12, 2021, 02:59:27 AM

Greetings, I had a question about LinOTP. I've been hearing from my IT manager that I can delegate providing authentication tokens for my Rails web app to LinOTP. I tried to explain to him that it's safer for the app to generate the OTP tokens and serve the users, and also that it's less likely to work, because it's impossible for the web app server to make a decision on who it is authenticating and whether the token would be legit. Right now, I am using active_otp & devise ldap for my Rails app. He is insisting that I use RADIUS/LinOTP for serving the app's authentication token.

It all started from this thread, which is what he uses to set up LinOTP with Amazon AWS WorkSpaces/Active Directory (mind you, it also uses LDAP). Last note: the LinOTP instance is supported by MariaDB, which is certainly not a part of the app and is used remotely for managing Active Directory users in LinOTP with Amazon WorkSpaces. Please give your input on the matter. I am trying to see what others believe.

https://aws.amazon.com/blogs/desktop-and-application-streaming/integrating-freeradius-mfa-with-amazon-workspaces/


Currently using
ldap_authenticatable | https://github.com/cschiewek/devise_ldap_authenticatable
active_model_otp | https://github.com/heapsource/active_model_otp

We're running the app itself on an EC2 instance at Amazon AWS.