Open visto9259 opened 6 months ago
This will require major changes in the login flow.
MFA needs multiple steps: a user/credentials login form. If it passes, go to the next step; if it fails, go back to login with an error message. In the next step, validate the 2nd authentication factor. If it passes, we are done; if it fails, stay in that step to validate a corrected 2nd authentication factor. To make it generic, each step should stay in that step until authentication succeeds.
Currently, LmcUser has a one-factor login flow: identity/credentials login form, pass or fail.
You may have a look at https://github.com/lampi87/LmcUserOTP. It might not be 100% bulletproof and fully generic, but for my use case it works very well and is stable.
Enabling OTP, defining a mobile number, or adding and verifying a TOTP token must be handled by the application.
Thanks @lampi87
I am working on a more generic version and I am looking at your version to see how this would work. I would like the 2nd factor to be some sort of plugin and have plugins/adapters for sending messages as well.
LmcUser was designed to have a one-step login. In a 2FA situation, if, for example, the code entered in the 2nd step is not valid, it should stay in that step to let the user try again.
Once I have something working, I will be looking at volunteers to try it out.
Additional requirements:
- See also #28
- Add authentication adapters for MFA:
  - Start from the PR submitted by @lampi87 (#30).
- There should be clear documentation on how to extend the adapter to support customized MFA flows.
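The flow described in the thread (stay in a step until it succeeds, second factor as a pluggable adapter) as an added, self-contained example. This is illustrative code written for this page, not code from LmcUser or LmcUserOTP; the `Step`, `LoginSession`, `SecondFactorAdapter`, `StaticCodeAdapter` and `MfaLoginFlow` names, and the sample account and code, are all constructed. The state lives server-side, so a client cannot submit the second factor before the credentials step has passed, and a wrong code keeps the session in step 2 rather than falling back to step 1.

```python
"""Two-step login flow (credentials, then second factor) as a small state machine.

Constructed example for illustration only; not LmcUser or LmcUserOTP code.
All names and sample data below are made up.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Protocol


class Step(Enum):
    CREDENTIALS = "credentials"      # step 1: identity + password form
    SECOND_FACTOR = "second_factor"  # step 2: OTP / token form
    AUTHENTICATED = "authenticated"  # terminal state


class SecondFactorAdapter(Protocol):
    """Plugin contract for the second step (hypothetical interface)."""

    def verify(self, identity: str, code: str) -> bool: ...


class StaticCodeAdapter:
    """Constructed adapter: one fixed code per identity, a stand-in for TOTP/SMS."""

    def __init__(self, codes: dict[str, str]) -> None:
        self._codes = codes

    def verify(self, identity: str, code: str) -> bool:
        expected = self._codes.get(identity)
        # constant-time comparison so a wrong code leaks nothing via timing
        return expected is not None and hmac.compare_digest(expected, code)


@dataclass
class LoginSession:
    """Server-side state of one login attempt; the client never picks the step."""
    step: Step = Step.CREDENTIALS
    identity: Optional[str] = None
    error: Optional[str] = None


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class MfaLoginFlow:
    def __init__(self, users: dict[str, tuple[bytes, bytes]],
                 second_factor: SecondFactorAdapter) -> None:
        self._users = users                # identity -> (salt, password hash)
        self._second_factor = second_factor

    def submit_credentials(self, session: LoginSession,
                           identity: str, password: str) -> LoginSession:
        if session.step is not Step.CREDENTIALS:
            session.error = "unexpected step"
            return session
        # Hash even for unknown users so timing does not reveal which identities exist.
        salt, stored = self._users.get(identity, (b"\0" * 16, b"\0" * 32))
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            session.error = "invalid credentials"
            return session                 # stay in step 1
        session.identity, session.step, session.error = identity, Step.SECOND_FACTOR, None
        return session

    def submit_second_factor(self, session: LoginSession, code: str) -> LoginSession:
        if session.step is not Step.SECOND_FACTOR or session.identity is None:
            session.error = "complete the credentials step first"
            return session                 # step 1 was never passed
        if not self._second_factor.verify(session.identity, code):
            session.error = "invalid code"
            return session                 # stay in step 2, do not fall back to step 1
        session.step, session.error = Step.AUTHENTICATED, None
        return session


def build_demo_flow() -> MfaLoginFlow:
    """Constructed account 'alice' with a known password and second-factor code."""
    salt = os.urandom(16)
    users = {"alice": (salt, hash_password("correct horse", salt))}
    return MfaLoginFlow(users, StaticCodeAdapter({"alice": "123456"}))


if __name__ == "__main__":
    flow, s = build_demo_flow(), LoginSession()
    s = flow.submit_credentials(s, "alice", "correct horse")
    s = flow.submit_second_factor(s, "000000")   # wrong code: stays in step 2
    print(s.step, s.error)
    s = flow.submit_second_factor(s, "123456")
    print(s.step, s.error)
```

A real adapter would wrap a TOTP library or an SMS sender behind the same `verify` contract, and production code would also add attempt counters and lockout per session, which this example leaves out.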