Request 2FA for authorize an specific resource


I would like to know if there are any specific standard or flow to request a confirmation of type 2FA for the authorization of a specific endpoint, as described below:

  1. the User authenticates normally. And receive your access token.

  2. the User accesses “resource 1” and consumes the API service normally.

  3. Now, the user tries to access “resource 2”. At this point I would like for the authorization to consume this API to be released if there was a request to confirm the authenticity of the user using 2FA.

For this need I create a module for Keycloak?

Thank you.