
Two factor authentication with Laravel and Google Authenticator


  1. Two-factor Authentication With Laravel and Google Authenticator. Allan Denot
  2. How it works. [Login mock-up: adenot@gmail.com, Login **************, Submit; then code 461785, Login, Submit. Two-factor Enabled]
  3. How it works: Enabling two-factor
       - Secret key is randomly generated
       - QR code is generated from secret key and other info
       - User scans QR code using Google Authenticator
       - It starts generating time based codes or tokens
     [Diagram: MyApp, adenot@gmail.com, 372631, 7JASV4C4F74ZLAR6]
  4. How it works: Verifying code. [Diagram: 372631, Login, Submit, Two-factor Enabled; 7JASV4C4F74ZLAR6 + = 372631 ? 372631]
  5. Implementation and Demo
  6. Installing

         composer require pragmarx/google2fa

     More information at: https://github.com/antonioribeiro/google2fa
  7. Routes

         // Generates secret key and QR image
         Route::get('user/twoFactor/secret', 'UserController@twoFactorSecret');

         // Enables two-factor at user profile
         Route::get('user/twoFactor/enable', 'UserController@twoFactorEnable'); // code, secret

         // Verify a two-factor code
         Route::get('user/twoFactor/verify', 'UserController@twoFactorVerify'); // code

  8. Generating Secret and QR: /api/user/twoFactor/secret

         {
           "two_factor_secret": "3UYJJUQO6O72SJJW",
           "two_factor_qr": "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth%3A%2F%2Ftotp%2FSpikeNode%3Aadenot%40gmail.com%3Fsecret%3D7JASV4C4F74ZLAR6%26issuer%3DSpikeNode"
         }

  9. Enabling two-factor: /api/user/twoFactor/enable?secret=3UYJJUQO6O72SJJW&code=733005
  10. Verifying: /api/user/twoFactor/verify?code=733005
  11. Verify window

         // Default window is 4
         $valid = Google2FA::verifyKey($secret, $code);

         // Setting to 0
         $valid = Google2FA::verifyKey($secret, $code, 0);

  12. Alternatives
  13. Auth as a service: https://www.authy.com/ and https://auth0.com/
  14. References
       - Google2FA: https://github.com/antonioribeiro/google2fa
       - Authy: https://www.authy.com/
       - Auth0: https://auth0.com/
     allandenot.com, adenot@gmail.com
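
The check behind the "Verifying code" and "Verify window" slides, written out as an added example (not code from the slides or from the google2fa package): a self-contained RFC 6238 verifier. It assumes 30-second steps, 6 digits, HMAC-SHA1 and a window counted as time steps on either side of the current one; the function names are illustrative.

```php
<?php
// Added example: RFC 6238 TOTP check with a verification window (assumed +/- $window steps).
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {          // drop a trailing partial byte
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

// HOTP (RFC 4226) value for one 30-second time step.
function totpAt(string $key, int $counter, int $digits = 6): string
{
    $hash = hash_hmac('sha1', pack('J', $counter), $key, true); // 8-byte big-endian counter
    $offset = ord($hash[19]) & 0x0F;                             // dynamic truncation
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Accept $code if it matches any step within +/- $window of the current one.
function verifyTotp(string $b32Secret, string $code, int $window, ?int $now = null): bool
{
    $key = base32Decode($b32Secret);
    $counter = intdiv($now ?? time(), 30);
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totpAt($key, $counter + $i), $code) || $ok; // constant-time compare
    }
    return $ok;
}

// Constructed input: RFC 6238 SHA-1 test key "12345678901234567890" in base32;
// "287082" is the 6-digit form of the RFC value for T=59 (94287082).
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
var_dump(verifyTotp($secret, '287082', 0, 59));       // code checked in its own step
var_dump(verifyTotp($secret, '287082', 0, 59 + 90));  // same code three steps later, window 0
var_dump(verifyTotp($secret, '287082', 4, 59 + 90));  // same code three steps later, window 4
```

Under that assumption a window of 4 accepts nine consecutive codes at any moment, while a window of 0 accepts only the current one.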
