This would require to build a small application or servlet in front of the mendix login page, (this approach is used by both the MxID application and the Windows Authentication (SSO) module).
This would take four steps:
- reroute the login procedure to your custom Servlet (by adjusting index.html).
- Validate the OTP with same java code
- Provide the credentials to the mendix core.
- The resulting session needs to be stored in a cookie and the response can redirect back to the real application.