Two Factor Authentication - Google Authenticator or Authy

mwahahaha @JonL , meanie pants, lol

I just haven’t used flows yet because every time I do something client side for hours, I am later informed that I now have a security hole of some form, so I spend half my life in Server Connect and that’s about it. At least this way I know I’m generally secure.

How does such information arrive?

I just earned my empathy badge, was actually quite sad when I got it, hahahaha, Patrick is going to get his empathy badge in about 30 years at his current rate of likes.

1 Like

Normally I post some question about what I am busy doing and am told on the forum that maybe I should do that server side as something that should be secure is user editable by some trickery.

Main culprits of calling me out on security. @s.alpaslan, @Teodor, @Dave, @JonL, @max_gb, @sitestreet

So if you get past any of them your code is probably safe.

4 Likes

@George, is this feature request anywhere near the top of your to-do list?

I will need to decide in January how I will implement this and I want to use Google Authenticator rather than an email or SMS system.

Thanks! :slight_smile:

Antony.

Did you already have a look at @mebeingken’s course? He explains a 2FA setup.

Does it use Google Authenticator, or email/sms sent codes?

I want to implement Google Authenticator as it is more secure…

He uses Google Authenticator. You can ask @mebeingken if it is the solution you are looking for.

Hey Antony. I show how to implement Google Authenticator, but it uses a custom module I put together and I’ve only done a Node.js version so far.

1 Like

Hey Ken, that would be great… but yes, PHP is my world…

Are you planning a PHP version soon?

Successfully integrated Firebase Authentication within a Wappler PHP project. Handles user registration, login and OAuth social logins. It updates the local security provider on confirmation via API. Took around 2 hours in total. Great for those that want a complete hands off solution for user login/registration, and the best part is that it’s included in the Firebase free plan.

Web Docs - https://firebase.google.com/docs/auth

Rest API Docs - https://firebase.google.com/docs/reference/rest/auth

(Google haters will hate.)

I’ll take a look early this week and let you know.

1 Like

I’m starting to feel a bit last century using PHP… :sweat_smile:

Thanks Ken! :slight_smile:

1 Like

Yep, I know that feeling! I didn’t realise NodeJS would overtake so quickly and take centre stage.

Not to worry, this morning I did a POC of the 2FA for PHP and will have it added to the course PDQ. :wink:

5 Likes

I’ve no idea what a POC is, but it sounds very positive and we love you Ken!

“Proof of concept”

Can somebody split this off of Antony’s feature request so as not to dilute? Even though I’m providing an option, his request for a feature still seems valid. :slight_smile:

@Antony @sitestreet I’ve added a PHP version of the custom authentication module that is referenced in the course, so just upload the PHP version instead of the .js. The hjson file remains constant, as do the instructions on how to use it (although you’ll notice I added support for an Application identifier that shows up in the auth app).

In a nutshell in case you don’t want the full course, there are two actions that are utilized. The first simply generates a unique secret required by the authenticator app. Once a user has successfully provided a valid code, you save the secret on the user record and use it to verify any tokens for this user going forward.

The second action is the verify token. You pass a user provided token (from the auth app) along with the secret, and it returns a boolean true if it is valid.

The latest version of my extensions is here.

If interested in the library used for PHP, it is here.

2 Likes
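
The two actions described in the post above (generate a secret, then verify a token against it), sketched as an added example using only Node's built-in `crypto`. This is not Ken's module or the PHP library he links; the function names are hypothetical, and it assumes the Google Authenticator defaults of HMAC-SHA1, 6 digits and a 30-second step (RFC 6238).

```javascript
// Added example: RFC 6238 TOTP with Node's built-in crypto (function names are hypothetical).
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Base32 (RFC 4648) encode/decode; authenticator apps expect the secret in this form.
function base32Encode(buf) {
  let bits = '';
  for (const byte of buf) bits += byte.toString(2).padStart(8, '0');
  return bits.match(/.{1,5}/g).map(c => B32[parseInt(c.padEnd(5, '0'), 2)]).join('');
}
function base32Decode(str) {
  let bits = '';
  for (const ch of str.replace(/=+$/, '').toUpperCase()) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error('invalid base32 character');
    bits += v.toString(2).padStart(5, '0');
  }
  return Buffer.from((bits.match(/.{8}/g) || []).map(b => parseInt(b, 2)));
}

// Action 1: generate a per-user secret (160 bits, the key length RFC 4226 recommends).
function generateSecret() {
  return base32Encode(randomBytes(20));
}

// 6-digit code for the 30-second step containing `unixSeconds`.
function totp(secret, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.max(0, Math.floor(unixSeconds / 30))));
  const mac = createHmac('sha1', base32Decode(secret)).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1e6;
  return String(code).padStart(6, '0');
}

// Action 2: verify a user-supplied token; accepts +/- `window` steps of clock drift.
function verifyToken(token, secret, unixSeconds = Date.now() / 1000, window = 1) {
  if (!/^\d{6}$/.test(String(token))) return false;
  let ok = false;
  for (let i = -window; i <= window; i++) {
    const expected = Buffer.from(totp(secret, unixSeconds + i * 30));
    // Constant-time compare with no early exit, so timing reveals nothing about the code.
    if (timingSafeEqual(expected, Buffer.from(String(token)))) ok = true;
  }
  return ok;
}
```

Both functions belong in a server-side action: the secret must never reach the browser after enrolment, and the verify endpoint needs rate limiting, since a 6-digit code is guessable without it.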