IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0

Feature Request: Code Example using TwoStepsAuthenticator #2079

Status: Closed (MovGP0 closed 6 years ago)

MovGP0 commented 6 years ago

Issue / Steps to reproduce the problem

There should be an example for 2-step authentication using the Time-Based One-Time Password Algorithm (TOTP).

There is an open source project for this here: TwoStepsAuthenticator

Secondary goal

Implement an example using a QR Code (maybe this library?) on the screen, such that the user can easily connect the mobile phone by scanning the code from the screen.

leastprivilege commented 6 years ago

Good idea! Let us know where you put that sample so we can link to it.

MovGP0 commented 6 years ago

I don't have a sample. Just wanted to keep track of the idea.

Also currently too busy to implement a sample myself :-(

codebude commented 6 years ago

Hi together,

I'm the creator of the QRCoder library linked above. If you need any help, let me know. By the way, the QRCoder lib brings a payload generator with it, which can create TOTP QR payloads.

TomCJones commented 6 years ago

Pull request #57 shows 2fa running. https://github.com/IdentityServer/IdentityServer4.AspNetIdentity/pull/57

leastprivilege commented 6 years ago

We cannot provide such samples. This would be a community/consulting effort.

MovGP0 commented 5 years ago

in case anybody wants to work on this

eaba commented 5 years ago

@MovGP0 is this in any way different from aspnet.core identity two step authentication?

MovGP0 commented 5 years ago

There are different methods of two step authentication. One way is to send an SMS with a one-time-password (Twilio is quite good). Another is to use a FIDO U2F Token, like a Yubikey or Google Titan Key. See #2232 for details.

TOTP and HOTP are other methods, similar to those RSA SecurID tokens which some companies used before. The standard is supported by multiple smartphone apps, like Google Authenticator, Microsoft Authenticator, LastPass Authenticator, and others, as well as many large websites like Google, Microsoft, Twitter, Facebook, GitHub, LastPass, and some others. So this is basically my daily driver for secure logins on the Internet.
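Added example, not part of the thread and not code from IdentityServer4, TwoStepsAuthenticator or QRCoder: a sketch of the server side of the TOTP flow discussed above, covering RFC 4226/6238 code checking with a drift window and replay rejection, plus the `otpauth://` key URI that a QR code would carry. The class name, method names, `lastUsedStep` parameter, and the issuer and account values are assumptions made for illustration.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

public static class TotpSketch // hypothetical name, illustration only
{
    // RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
    public static string Hotp(byte[] secret, long counter, int digits = 6)
    {
        var msg = new byte[8];
        BinaryPrimitives.WriteInt64BigEndian(msg, counter);
        using var hmac = new HMACSHA1(secret);
        byte[] hash = hmac.ComputeHash(msg);
        int offset = hash[^1] & 0x0F;
        int bin = ((hash[offset] & 0x7F) << 24) | (hash[offset + 1] << 16)
                | (hash[offset + 2] << 8) | hash[offset + 3];
        return (bin % (int)Math.Pow(10, digits)).ToString().PadLeft(digits, '0');
    }

    // RFC 6238 TOTP check over 30 s steps, allowing +/- `window` steps of clock drift.
    // Returns the matched step so the caller can persist it and refuse a replayed code.
    public static long? MatchStep(byte[] secret, string code, DateTimeOffset now,
                                  long lastUsedStep, int window = 1)
    {
        long step = now.ToUnixTimeSeconds() / 30;
        byte[] given = Encoding.ASCII.GetBytes(code ?? "");
        long? matched = null;
        for (long c = step - window; c <= step + window; c++)
            if (c > lastUsedStep && CryptographicOperations.FixedTimeEquals(
                    Encoding.ASCII.GetBytes(Hotp(secret, c)), given))
                matched = c;
        return matched;
    }

    // Key URI read by authenticator apps from a QR code; the secret is Base32 without padding.
    public static string ProvisioningUri(string issuer, string account, byte[] secret)
    {
        var bits = new StringBuilder();
        foreach (byte b in secret) bits.Append(Convert.ToString(b, 2).PadLeft(8, '0'));
        while (bits.Length % 5 != 0) bits.Append('0');
        var b32 = new StringBuilder();
        for (int i = 0; i < bits.Length; i += 5)
            b32.Append("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"[Convert.ToInt32(bits.ToString(i, 5), 2)]);
        return $"otpauth://totp/{Uri.EscapeDataString(issuer)}:{Uri.EscapeDataString(account)}"
             + $"?secret={b32}&issuer={Uri.EscapeDataString(issuer)}&digits=6&period=30";
    }

    public static void Main() => Console.WriteLine(ProvisioningUri("ExampleIdP", "alice@example.com",
        Encoding.ASCII.GetBytes("12345678901234567890"))); // constructed values; RFC 6238 test key
}
```

In a real deployment the per-user secret comes from `RandomNumberGenerator`, is stored encrypted alongside the last accepted step, and the URI is rendered as a QR code only during enrollment.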
