
2FA authentication flow

Open jerome2710 opened this issue 3 months ago • 4 comments

As our and our clients' policies require 2FA and Statamic 6 has not been released yet, we are now installing the add-on as suggested for Statamic 5.

However, our platform consists of a headless Next.js frontend, which connects to the Statamic back-end, including an OAuth2 PKCE flow.

The add-on simply extends the CP login controller and any other contact points of authentication are freely available without 2FA.

Coming from a Symfony background, where for instance the scheb/2fa-bundle injects itself within the firewall, just relying on a single controller instead of the actual firewall (or whatever it's called in Laravel) feels kinda light.

As Statamic 6 will adopt the add-on, will the logic be implemented as-is? Or will the logic be moved to a "firewall", thus catching all authentication flows, being either for the CP or some other controller?

jerome2710, Oct 03 '25 14:10
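
The firewall-style enforcement asked about above, sketched as a generic Laravel middleware; this is an added example, not code from Statamic, the add-on, or the issue author. The route names, the session key, and the assumption that the challenge controller writes that key are all hypothetical.

```php
<?php
// Added example: enforce the second factor per request instead of inside one
// login controller. Route names and the session key are hypothetical.
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureSecondFactor
{
    // Hypothetical route names: the only routes a password-only session may reach.
    private const EXEMPT = ['two-factor.challenge', 'two-factor.verify', 'logout'];

    // Hypothetical session key, assumed to be set by the challenge controller
    // to the user's id after a successful second-factor check.
    public const SESSION_KEY = 'two_factor.verified_user_id';

    public function handle(Request $request, Closure $next): Response
    {
        $user = $request->user();

        // No authenticated user: leave the decision to the auth middleware.
        // Exempt routes must stay reachable so the challenge can be completed.
        if ($user === null || $request->routeIs(...self::EXEMPT)) {
            return $next($request);
        }

        // Fail closed: without a session, or without a flag bound to this
        // exact user, the request is treated as not 2FA-verified.
        $verified = $request->hasSession()
            ? $request->session()->get(self::SESSION_KEY)
            : null;

        if ($verified !== null && (string) $verified === (string) $user->getAuthIdentifier()) {
            return $next($request);
        }

        // API-style clients get a status code instead of an HTML redirect.
        if ($request->expectsJson()) {
            return response()->json(['message' => 'Second factor required.'], 403);
        }

        // Remember the intended URL so the flow can resume after the challenge.
        return redirect()->guest(route('two-factor.challenge'));
    }
}
```

Registered on every session-backed route group rather than on a single controller, the check applies to any route that sees a logged-in user, which would include an OAuth2 authorization endpoint if it is served from such a group (an assumption about the setup, not something stated in the issue).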