As suggested in T414, implement a web service providing OTP methods for initialization and validation of one-time-passwords through an API or RPC calls. Besides executing the actual operations using 3rd party libraries for the various OTP methods (e.g. FreeOTP, Yubikey, etc.) this service also stores the necessary information (i.e. secret) associated with user accounts.
The storage of these key-value records shall be abstracted and configurable as well. Backends like MySQL, MongoDB, CouchDB or Redis could be used for storage.