Can somebody split this off of Antony’s feature request so as not to dilute? Even though I’m providing an option, his request for a feature still seems valid.
@Antony @sitestreet I’ve added a php version of the custom authentication module that is referenced in the course, so just upload the php version instead of the .js. The hjson file remains constant as do the instructions on how to use (Although you’ll notice I added support for an Application identifier that shows up in the auth app).
In a nutshell in case you don’t want the full course, there are two actions that are utilized. The first simply generates a unique secret required by the authenticator app. Once a user has successfully provided a valid code, you save the secret on the user record and use it to verify any tokens for this user going forward.
The second action is the verify token. You pass a user provided token (from the auth app) along with the secret, and it returns a boolean true if it is valid.
The latest version of my extensions are here.
If interested in the library used for php, it is here.