filament icon indicating copy to clipboard operation
filament copied to clipboard
verified publisher icon filamentphp

2FA

Open danharrin opened this issue 1 year ago • 3 comments

Donate 💰 to fund this issue

  • You can donate funding to this issue. We receive the money once the issue is completed & confirmed by you.
  • 100% of the funding will be distributed between the Filament core team to run all aspects of the project.
  • Thank you in advance for helping us make maintenance sustainable!
Fund with Polar

danharrin avatar May 07 '24 09:05 danharrin

I recently implemented 2FA and had to make it pretty flexible, so figured I'd share some feedback:

  • I needed it to be configurable per guard because I've got both Admin and Member models, and each has different security requirements
  • The option to enforce it for all users was also configurable per guard
  • All the options (enable/disable/enforce) were implemented as settings in a landlord panel, so it'd be great to make everything dynamically configurable rather than hardcoded in the config file
  • I used the session to store the 2FA auth status so I could programmatically mark it as completed when using my custom SSO (SSO logins normally skip 2FA since the SSO provider handles it).

binaryfire avatar May 08 '24 11:05 binaryfire

I know it can be tempting to just implement fortify or go the fortify route of just directly integrating something simple like TOTP and calling it good. I for one am annoyed by how locked into that one method fortify is. IMO please build it yourself and make it modular using a driver based approach so the community can come in and make plugins for other forms of 2FA as we want.

x7ryan avatar Jun 18 '24 21:06 x7ryan

I know it can be tempting to just implement fortify or go the fortify route of just directly integrating something simple like TOTP and calling it good. I for one am annoyed by how locked into that one method fortify is. IMO please build it yourself and make it modular using a driver based approach so the community can come in and make plugins for other forms of 2FA as we want.

This is a 2fa package that supports multiple drivers (might be useful for inspiration): https://github.com/worksome/laravel-mfa. I agree it'd be great to be able to support multiple methods. I've implemented both email codes and TOTP in my app and they're dynamically configurable, so each of my tenant owners can choose the 2fa method they want their users to use.

Fortify is a very thin wrapper around https://github.com/antonioribeiro/google2fa and https://github.com/Bacon/BaconQrCode. IMHO it's better to implement them directly rather than trying to use Fortify and be constrained by its limitations.

binaryfire avatar Jun 19 '24 10:06 binaryfire