Two Factor Authentication
This article explains the 2FA implementation in Aidbox.
Two Factor Authentication is not supported for external OAuth 2.0 providers.
We've prepared a demo Python/TypeScript app with Devbox, so you can run everything in your local environment. The implemented scenario includes the signup and login user flows.
An AuthConfig resource is required for the 2FA process. In the demo app, we've generated the following AuthConfig with the name
Authorization: Basic dHdvLWZhY3Rvci13ZWJob29rOnR3by1mYWN0b3Itd2ViaG9vaw==
A Client resource is required for the 2FA process. In the demo app, we've generated the following Client resource with the name "web".
The Provider resource belongs to the AidboxConfig. It defines the transport for sending email notifications, which is part of the signup flow. Since we do not want to send real emails in the demo app, we'll send notifications to the console output stream. You can find the generated Provider resource below.
When the user scans the QR code and enters the token, they are redirected to the 2FA settings page. Aidbox records that 2FA is enabled for this user in the User.twoFactor attribute.
The next time the user logs into the system, the TOTP authentication page is shown. Using a mobile authenticator (or any other transport), the user enters the code and is redirected to the application. You can configure which OAuth 2.0 flow is used by changing the Client configuration and the login endpoint query parameters.
To disable 2FA for a particular user, redirect the user to the following URL. When the user enters a token, they are redirected to the 2FA settings page. Aidbox sets