diff --git a/pve-rs/Cargo.toml b/pve-rs/Cargo.toml
index f7cbd8a..74f45e3 100644
--- a/pve-rs/Cargo.toml
+++ b/pve-rs/Cargo.toml
@@ -25,9 +25,10 @@ openssl = "0.10"
 serde = "1.0"
 serde_bytes = "0.11"
 serde_json = "1.0"
+url = "2"
 perlmod = { version = "0.9", features = [ "exporter" ] }
 proxmox-apt = "0.8"
 proxmox-openid = "0.9"
-proxmox-tfa = { version = "1.3.2", features = ["api"] }
+proxmox-tfa = { version = "2", features = ["api"] }
diff --git a/pve-rs/debian/control b/pve-rs/debian/control
index 4988e33..62ab4cb 100644
--- a/pve-rs/debian/control
+++ b/pve-rs/debian/control
@@ -17,8 +17,8 @@ Build-Depends: debhelper (>= 12),
 librust-perlmod-0.8+exporter-dev (>= 0.8.1-~~),
 librust-proxmox-apt-0.8+default-dev,
 librust-proxmox-openid-0.9+default-dev,
- librust-proxmox-tfa-1+api-dev (>= 1.3-~~),
- librust-proxmox-tfa-1+default-dev (>= 1.3-~~),
+ librust-proxmox-tfa-2+api-dev,
+ librust-proxmox-tfa-2+default-dev,
 librust-serde-1+default-dev,
 librust-serde-bytes-0.11+default-dev,
 librust-serde-json-1+default-dev,
diff --git a/pve-rs/src/tfa.rs b/pve-rs/src/tfa.rs
index ecc5eb0..cc53118 100644
--- a/pve-rs/src/tfa.rs
+++ b/pve-rs/src/tfa.rs
@@ -31,6 +31,7 @@ mod export {
 use anyhow::{bail, format_err, Error};
 use serde_bytes::ByteBuf;
+ use url::Url;
 use perlmod::Value;
 use proxmox_tfa::api::methods;
@@ -243,10 +244,15 @@ mod export {
 #[raw] raw_this: Value,
 //#[try_from_ref] this: &Tfa,
 userid: &str,
+ origin: Option,
 ) -> Result, Error> {
 let this: &Tfa = (&raw_this).try_into()?;
 let mut inner = this.inner.lock().unwrap();
- match inner.authentication_challenge(UserAccess::new(&raw_this)?, userid)? {
+ match inner.authentication_challenge(
+ UserAccess::new(&raw_this)?,
+ userid,
+ origin.as_ref(),
+ )? {
 Some(challenge) => Ok(Some(serde_json::to_string(&challenge)?)),
 None => Ok(None),
 }
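Review bot: The Build-Depends hunk in `debian/control` updates only the two proxmox-tfa entries, while `Cargo.toml` in the same commit gains a direct `url = "2"` dependency. Unless the url crate's dev package is already listed outside the visible context, the build would rely on it being pulled in transitively. I would declare it explicitly next to the other crates, following the naming pattern of the neighbouring lines (presumably `librust-url-2+default-dev,`), so the packaged build inputs match the manifest.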
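Review bot: The new `origin` argument in the `@@ -243,10 +244,15 @@` hunk of `src/tfa.rs` is forwarded to `authentication_challenge` with no comment saying what `None` means or where a `Some` value may come from. The same undocumented parameter is added to the wrappers around `verify` and `add_tfa_entry` in the later hunks. For WebAuthn the expected origin is what ties a response to this site, so if the Perl caller ever fills it from a request header instead of the node's own configuration, the check would compare the client against a value the client chose; the callers are not visible here, so this is something to confirm rather than a finding. I would document the contract on each wrapper, e.g. `/// origin: expected WebAuthn origin; must come from server-side configuration, never from the request`, and state the `None` fallback there once it is confirmed against proxmox-tfa 2. The function signature starts above the hunk.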
@@ -278,13 +284,20 @@ mod export {
 userid: &str,
 challenge: &str, //super::TfaChallenge,
 response: &str,
+ origin: Option,
 ) -> Result {
 let this: &Tfa = (&raw_this).try_into()?;
 let challenge: super::TfaChallenge = serde_json::from_str(challenge)?;
 let response: super::TfaResponse = response.parse()?;
 let mut inner = this.inner.lock().unwrap();
 inner
- .verify(UserAccess::new(&raw_this)?, userid, &challenge, response)
+ .verify(
+ UserAccess::new(&raw_this)?,
+ userid,
+ &challenge,
+ response,
+ origin.as_ref(),
+ )
 .map(|save| save.needs_saving())
 }
@@ -342,6 +355,7 @@ mod export {
 value: Option,
 challenge: Option,
 ty: methods::TfaType,
+ origin: Option,
 ) -> Result {
 let this: &Tfa = (&raw_this).try_into()?;
 methods::add_tfa_entry(
@@ -353,6 +367,7 @@ mod export {
 value,
 challenge,
 ty,
+ origin.as_ref(),
 )
 }
@@ -864,11 +879,10 @@ impl proxmox_tfa::api::OpenUserChallengeData for UserAccess {
 Err(err) => {
 eprintln!(
 "failed to parse challenge data for user {}: {}",
- userid,
- err
+ userid, err
 );
 Default::default()
- },
+ }
 }
 };