Two factor authentication with Laravel and Google Authenticator
-
Upload
allan-denot-medeiros -
Category
Software
-
view
205 -
download
7
Transcript of Two factor authentication with Laravel and Google Authenticator
Two-factor Authentication
With Laravel and Google Authenticator
Allan Denot
How it works
MyApp
Secret key is randomly generated
QR code is generated from secret key and
other info
User scans QR code using Google Authenticator
It starts generating time based codes or
tokens
Enabling two-factor
372631
7JASV4C4F74ZLAR6
How it worksVerifying code
372631
Login
Submit
Two-factor Enabled
+ = 372631 ?
372631
7JASV4C4F74ZLAR6
Implementation and Demo
Installing
composer require pragmarx/google2fa
More information at: https://github.com/antonioribeiro/google2fa
Routes// Generates secret key and QR image
Route::get('user/twoFactor/secret', 'UserController@twoFactorSecret');
// Enables two-factor at user profile
Route::get('user/twoFactor/enable', 'UserController@twoFactorEnable'); // code, secret
// Verify a two-factor code
Route::get('user/twoFactor/verify', 'UserController@twoFactorVerify'); // code
{"two_factor_secret": "3UYJJUQO6O72SJJW","two_factor_qr": "https://chart.googleapis.com/chart?
chs=200x200&chld=M|0&cht=qr&chl=otpauth%3A%2F%2Ftotp%2FSpikeNode%3Aadenot%40gmail.com%3Fsecret%3D7JASV4C4F74ZLAR6%26issuer%3DSpikeNode"}
Generating Secret and QR/api/user/twoFactor/secret
Enabling two-factor
/api/user/twoFactor/enable?secret=3UYJJUQO6O72SJJW&code=733005
Verifying
/api/user/twoFactor/verify?code=733005
Verify window// Default window is 4$valid = Google2FA::verifyKey($secret, $code);
// Setting to 0$valid = Google2FA::verifyKey($secret, $code, 0);
Alternatives
Auth as a service
https://www.authy.com/
https://auth0.com/
References
Google2FA: https://github.com/antonioribeiro/google2faAuthy: https://www.authy.com/Auth0: https://auth0.com/