What would you call a feature that blocks access to URL’s until a person has gone through an OTP authorization process?

AuthorizationGate?

AuthorizationInterceptor

plus1 for gate, or also barrier

AuthorizationGate has a nice ring to it

Yep, "interceptor" is pretty generic and does not communicate what is actually done when intercepting.

The "GirlBoss" because it gatekeeps the URLs :D More seriously, something with gatekeeper or guard could sound quite cool

I once worked on a system where the auth component was named Heimdall. (Not my idea.) It was cool and all, but it did mean stopping to explain it to every new engineer who came onto the project.

Can relate. For stuff that we deal with on a daily basis, naming almost doesn't matter and we could choose "Red", "Green", ... for whatever it really is. Onboarding is a thing (which may include you having to onboard again on stuff your former self wrote, after it has just been working quietly for a couple of years). So precise naming generally does make a difference. I always advocate avoiding anything "...er"-like as these function/role classes are blurry and tend to accumulate unrelated tasks over time.