Hi,
I'm looking forward to securing this wonderful middleware system with 2FA (Two-Factor Authentication) at both levels, API and Web, if enabled.
Thanks
In terms of input, this would mean that logging in requires a 6 char code (One Time Password OTP) generated by an authenticator application.
{
"email": "[email protected]",
"password": "password",
"otp": "123456"
}
Would we generate/manage this ourselves (over email), or use some library/service (potentially adds SMS too)?
Does anyone have any thoughts or recommendations?
> In terms of input, this would mean that logging in requires a 6 char code (One Time Password OTP) generated by an authenticator application.
> { "email": "[email protected]", "password": "password", "otp": "123456" }

Yes, 6 chars is enough for now and this could work.
But, I prefer to split this into two requests not one. Like this:
{
"email": "[email protected]",
"password": "password"
}
{
"challenge": "57eabcc4-dce0-427b-bfb0-f99b56c849df",
"type": "otp",
"hint": "null" # otp is null
# "hint": "public-key" # for U2F
# "hint": "+9xxxxxxxxxxxxx786" # for SMS
# "hint": "[email protected]" # for Email
}
{
"challenge": "57eabcc4-dce0-427b-bfb0-f99b56c849df",
"code": "123456"
}
After that, the challenge should be deleted and combined with an expiration date.
This design will help us in the future to add more options like SMS, Email and U2F.
> Would we generate/manage this ourselves (over email), or use some library/service (potentially adds SMS too)?
> Does anyone have any thoughts or recommendations?

Yes, I did.
No need for any services, I just use this simple and nice one-file library PHPGangsta/GoogleAuthenticator, which is using OTP only.
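
The two-request flow proposed above, sketched in Python as an added example (not code from this thread or from the project): the first request trades a valid password for a challenge, the second redeems it with a TOTP code, and the challenge is single-use, expires, and allows only a few wrong codes. `TwoStepLogin`, `CHALLENGE_TTL`, `MAX_ATTEMPTS` and the `check_password` callable are assumed names; password hashing and persistent storage are out of scope.

```python
import base64, hashlib, hmac, struct, uuid

CHALLENGE_TTL = 120  # seconds a challenge stays redeemable (assumed value)
MAX_ATTEMPTS = 3     # wrong codes tolerated per challenge (assumed value)

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as generated by authenticator apps."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** digits).zfill(digits)

class TwoStepLogin:
    def __init__(self, users):
        self.users = users    # email -> {"check_password": callable, "secret": base32}
        self.challenges = {}  # challenge id -> [email, expires_at, attempts_left]

    def start(self, email, password, now):
        """Request 1: verify the password, reply with a challenge."""
        user = self.users.get(email)
        if user is None or not user["check_password"](password):
            return None
        cid = str(uuid.uuid4())
        self.challenges[cid] = [email, now + CHALLENGE_TTL, MAX_ATTEMPTS]
        return {"challenge": cid, "type": "otp", "hint": None}

    def finish(self, challenge, code, now):
        """Request 2: redeem the challenge; returns the email on success, else None."""
        entry = self.challenges.get(challenge)
        if entry is None:
            return None
        email, expires_at, attempts = entry
        if now > expires_at:
            del self.challenges[challenge]  # expired challenges are dropped
            return None
        secret = self.users[email]["secret"]
        # Accept the current and previous 30 s step to tolerate clock drift.
        codes = [totp(secret, max(now - d, 0)).encode() for d in (0, 30)]
        ok = any(hmac.compare_digest(c, code.encode()) for c in codes)
        if ok or attempts <= 1:
            del self.challenges[challenge]  # single use, or attempts exhausted
        else:
            entry[2] = attempts - 1
        return email if ok else None
```

Binding the second request to a server-side challenge means the password is never resent with the code, and a captured challenge id is useless once it has been redeemed, has expired, or has used up its attempts.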
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
To achieve better clarity/visibility, we are now tracking feature requests within the Feature Request project board.
This issue being closed does not mean it's not being considered.
Hi,
I am currently working on implementing 2FA for login. Any pointers / specific parts of the documentation I should look at?
Hey @OscBacon - that would be awesome!!
@bjgajjar @hemratna - any pointers on where this should exist within the code?
@benhaynes Thanks!
I am wondering too, could this be possible as an extension, similar to how SSO seems to be explained in the docs?
Not sure, but @bjgajjar should be able to help you here or on our Slack. :)