Christian Scheb

I have to say I have no experience at all with hardware token (no idea what FIDO2/U2F is), so I'm probably not the best person to implement this. Why not...

Flagging this with "help wanted", if this should ever become part of the 2fa package and not being provided by a 3rd-party package. Someone with knowledge in that field, who...

I've also had a email exchange with @PhilETaylor recently, though haven't heard back from him. He mentioned that he has some implementations ready, that he could contribute.

The use case is to provide another common two-factor authentication method as a ready-to-use package, besides the 3 that the bundle already supports (TOTP, Google Authenticator, Code-via-Email).

From what I've learned so far, WebAuthn is much more capable than just providing another authentication code in a 2fa process. Though, I'd like to scope the discussion here around...

Thanks for sharing. I'll look into this at a later point. Weird that the integration tests are failing, don't really get why.

To me it looks like, the only thing that you're using from the bundle is the TOTP authenticator. Actually, you don't even need that one, you could use the [underlaying...

🤔 The more I think about this, the more it makes sense to use the bundle for such a use case - if you want extra features i.e. trusted IPs,...

Ah, I see. Yea makes sense when you're also using it on the web application. > I assumed that backup codes would just work as an input when using totpAuhenticator->checkCode...

@jawira You could easily do that with a regex ;)