shield icon indicating copy to clipboard operation
shield copied to clipboard
verified publisher icon GrottoPress

2FA support

Open confact opened this issue 3 years ago • 2 comments

I was looking for a login solution in lucky for one of my apps. Looks good!

The only thing I am missing is OTP/2FA support. With Google Authentication or Authy, it would be amazing, making it very secure.

confact avatar Mar 21 '22 20:03 confact

I was looking for a login solution in lucky for one of my apps. Looks good!

Glad to know.

The only thing I am missing is OTP/2FA support.

I think so too. An ideal 2FA integration should allow multiple methods (at least TOTP and email). Overall, it seems it would require a non-trivial amount of time to design and build.

I am currently tied up on a project, so time is not my friend now. If you have any ideas or PR, that would be great. I'll try to squeeze in some time and work on a design. We'll see.

There's already a TOTP implementation here: https://github.com/Axentro/crystal-two-factor-auth. I haven't used it in any way, but it looks good, and looks like it would save some amount of work.

akadusei avatar Mar 23 '22 06:03 akadusei

Ideal implementation would be to have pluggable providers (e.g. TOTP, HOTP, FIDO, random token generation fro SMS/email, etc.), and pluggable transports: none for TOTP, FIDO because it's already on the device, or SMS/email/Matrix, etc.

notramo avatar May 07 '23 11:05 notramo