2 Factor authentication #28

lampi87 opened this issue Oct 16, 2021 · 5 comments

Comments

@lampi87
Contributor

lampi87 commented Oct 16, 2021

Hi!

Is there any documentation available on how to implement two-factor authentication?
It's mentioned in the wiki on the concepts page, but I'm not sure how to configure adapters to redirect to a second page where the user has to enter an SMS or OTP code.

Thx in advance!

@visto9259
Member

@lampi87,
The wiki page on Concepts comes from the original ZfcUser repository. There was an intent by the original developer to support MFA but I think it never got implemented.
With that said, it would be nice to have an adapter that supports MFA.
Does anyone want to develop and share one, or know of an existing adapter that we could integrate into LmcUser?

@lampi87
Contributor Author

lampi87 commented Oct 25, 2021

I started implementing MFA/OTP functionality. Let's see if I can solve the problem.
Correct me if I'm wrong, but in my opinion it cannot be solved by a single auth adapter, because you need a redirect to a separate page. This redirect will stop the authentication process.
My idea is to create an MFA or OTP action to handle the second factor.
Any thoughts on this? Any "easier" workflows?

@visto9259
Member

visto9259 commented Oct 27, 2021

@lampi87,

Sorry for the late response. Professional projects are keeping me busy and I have less time to devote to maintenance of the LM-Commons packages.

Let me take a look at your PR. One thing that I want to make sure of is that this feature is optional.

I had also developed extra functionality like password reset by email. Maybe this can be bundled with it and maybe as a separate bolt-on package.

Thanks for the contribution.

@lampi87
Contributor Author

lampi87 commented Oct 27, 2021

Of course, OTP is an optional feature.

I've created a second User(Otp)Interface including the necessary function to determine if the currently logged-in user uses OTP. If no OTP "auth_adapter" is added or the user entity has set "useOtp" to false, it's not used at all. The OtpMail.php adapter can be seen as an example.
Only two things are "deeper" integrated: the lmcuser/otp route and otpAction. But both are only used if an OTP adapter is used too.
In my opinion it is possible to use one mail/SMS OTP and a TOTP authenticator app in parallel.
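
The two-step flow discussed in this thread, as an added, framework-agnostic sketch that is not code from LmcUser or from the PR: the password step stores only a pending login, and the separate OTP action promotes it to an identity. All function names, session keys and the TTL/attempt limits are assumptions made for illustration; only the `useOtp` flag name comes from the comment above.

```php
<?php
declare(strict_types=1);
const OTP_TTL = 300;        // seconds a code stays valid (assumed policy)
const OTP_MAX_ATTEMPTS = 5; // wrong guesses before the pending login is dropped

// Step 1: the password check has passed. Record a *pending* login, not an identity.
function beginOtpStep(array &$session, int $userId, bool $useOtp): ?string
{
    unset($session['identity'], $session['otp_pending']);
    if (!$useOtp) {
        $session['identity'] = $userId; // user without OTP: login is complete
        return null;
    }
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $session['otp_pending'] = [
        'user_id'  => $userId,               // binds the code to the step-1 user
        'hash'     => hash('sha256', $code), // keep a digest, not the code itself
        'expires'  => time() + OTP_TTL,
        'attempts' => 0,
    ];
    return $code; // caller delivers it by mail/SMS; never send it to the browser
}

// Step 2: the separate OTP action. Promotes the pending login only on a match.
function completeOtpStep(array &$session, string $submitted): bool
{
    $p = $session['otp_pending'] ?? null;
    if ($p === null || time() > $p['expires'] || $p['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($session['otp_pending']); // expired or exhausted: restart at step 1
        return false;
    }
    $session['otp_pending']['attempts']++;
    if (!hash_equals($p['hash'], hash('sha256', $submitted))) {
        return false;
    }
    unset($session['otp_pending']);
    $session['identity'] = $p['user_id']; // regenerate the session id at this point
    return true;
}

// Guard used by every protected page: a pending login is not a login.
function isAuthenticated(array $session): bool
{
    return isset($session['identity']);
}
// Constructed demo: a plain array stands in for session storage.
$s = [];
$code = beginOtpStep($s, 42, true);
var_dump(isAuthenticated($s), completeOtpStep($s, '000000x'), completeOtpStep($s, $code), isAuthenticated($s));
```

The point to check in any real integration is the guard: access control must test for the promoted identity only, so that a user who stops at the OTP page is still treated as unauthenticated.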

@visto9259
Member

Will be covered by #60
