2 step authentication

I’m relatively new so I want to apologize ahead of time if this is in the wrong forum channel.

I’m looking into adding 2 step authentication to my app.

Some slick executions of this I’ve seen include sending a one time email code or using something like Google Authenticator or Authy.

On the surface, I think it would be simplest to generate a one time key upon initial login, save to DB and set an expiration on it (now +1 hour for example), email it to the user and only allow the user to proceed into the app if the key they entered matches the generated key.

I would love to hear any insight into whether anyone has done any sort of 2 step authentication and whether there is a preferred/recommended Wappler method.

1 Like

Yes, the emailed code which expires after an hour would be the easiest to implement. I would add two fields to the user table - one for the code and one for the expiry date/time. Then check their input against both.

I reckon (I’ve not actively looked) there’s a script which can do the 6-digit authenticator codes as it’s done in lots of sites so maybe this is something that could be added to the Security Provider actions as part of Wappler?

1 Like
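The emailed-code flow from the reply above (a code field plus an expiry field, both checked on submit), sketched in Node.js as an added example that is not code from this thread or from Wappler. The in-memory `users` map standing in for the user table, the 6-digit format, the HMAC key and the attempt cap are assumptions of the example.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 60 * 60 * 1000; // one hour, as suggested in the thread
const MAX_ATTEMPTS = 5;        // assumption: cap on guesses per issued code
// Assumption: in a real app this key comes from server config, not the database.
const SERVER_KEY = crypto.randomBytes(32);

// Constructed stand-in for the user table; codeMac and expiresAt are the two added fields.
const users = new Map([['alice', { codeMac: null, expiresAt: 0, attempts: 0 }]]);

// Store a keyed MAC of the code, so a database dump alone does not reveal live codes.
const macCode = (code) =>
  crypto.createHmac('sha256', SERVER_KEY).update(code).digest();

// Call after the password check succeeds; returns the code to email to the user.
function issueCode(userId, now = Date.now()) {
  const user = users.get(userId);
  if (!user) throw new Error('unknown user');
  // crypto.randomInt draws from the CSPRNG; Math.random() output is predictable.
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  user.codeMac = macCode(code);
  user.expiresAt = now + TTL_MS;
  user.attempts = 0;
  return code;
}

// Checks the submitted code against both stored fields.
function verifyCode(userId, submitted, now = Date.now()) {
  const user = users.get(userId);
  if (!user || !user.codeMac) return false;
  const clear = () => { user.codeMac = null; user.expiresAt = 0; };
  if (now >= user.expiresAt || user.attempts >= MAX_ATTEMPTS) {
    clear(); // expired or too many guesses: a fresh code must be issued
    return false;
  }
  user.attempts += 1;
  // Both MACs are 32 bytes, so the constant-time comparison never throws.
  const ok = crypto.timingSafeEqual(macCode(String(submitted)), user.codeMac);
  if (ok) clear(); // single use: an accepted code cannot be replayed
  return ok;
}
```

Clearing the stored value on success, on expiry and on lockout means an old code can never be accepted later, even if the expiry check is changed.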

Good stuff. Thanks @sitestreet!

2 Likes

Google Authenticator / Authy 2FA wasn’t so hard to implement on top of Wappler security provider.
It took me two days without prior knowledge.
I used this library to speed up the implementation:

2 Likes

Thanks @jeoff75, that’s just what I was thinking of. It would be excellent if this could be made part of the Security Provider in Wappler.

1 Like

I finally pushed it to a public git here if you want to have a look:
https://bitbucket.org/jeoff75/wapplerloginboilerplate/

More details:

4 Likes

Thanks for that @jeoff75!

I’ve created a Feature Request for 2FA… please give it your vote! :slight_smile:

@Antony You have my vote

1 Like