antonioribeiro / google2fa-laravel

A One Time Password Authentication package, compatible with Google Authenticator for Laravel
MIT License
919 stars 181 forks

How to use this for API authentication? #126

Open jackwander opened 3 years ago

jackwander commented 3 years ago

I would like to ask how I can use this for API authentication, especially for generating a bearer token.

ashu555 commented 2 years ago

Hi @jackwander. Did you get any solution for this?

jackwander commented 2 years ago

@ashu555 Sad to say but I haven't.

armmeltonyan commented 2 years ago

@ashu555 Hi. Did you get any solution?

arislanhaikal commented 2 years ago

I'm also waiting for the same answer. How is 2FA implemented in the API, and what is the mechanism like? The API is stateless, different from the web, which has a session.

jackwander commented 2 years ago

I still don't have a solution for this.

armmeltonyan commented 2 years ago

Hello everyone, I found a solution. I made a few endpoints and added a few fields to the Users model: two_fa_enabled (flag) and two_fa_code.

  1. An endpoint that returns the generated QR and code; before sending the response I save the code in my DB for the auth user.
  2. An endpoint for enabling 2FA: I get the current code for the auth user ($code = $google2fa->getCurrentOtp(auth('sanctum')->user()->google2fa_secret);) and check it against the request OTP; if it checks out, I set two_fa_enabled to true. Same steps for disabling 2FA.
  3. On login I send 2FA_enabled with the response, and if it is enabled, the frontend must show an input for the OTP.
  4. The last method checks the OTP after login if 2FA_enabled: if ($code = $google2fa->getCurrentOtp(auth('sanctum')->user()->google2fa_secret);) send token; if wrong, send error.
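
An added example, not part of the comment above and not the package's own code: one way to build the login and OTP-check endpoints so that the full bearer token is issued only after the OTP is verified. It assumes Laravel Sanctum 3 or later and the `google2fa_secret` and `two_fa_enabled` columns mentioned in the comment; the controller name and the ability names `2fa:pending` and `api:full` are hypothetical.

```php
<?php
// Added sketch: two-step API login with Sanctum and pragmarx/google2fa.
// Assumed: users.google2fa_secret and users.two_fa_enabled columns (from the thread).
// Hypothetical: the controller name and the abilities '2fa:pending' / 'api:full'.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use PragmaRX\Google2FA\Google2FA;

class TwoFactorApiController extends Controller
{
    // Step 1: password check. With 2FA enabled, hand out only a short-lived,
    // restricted token that is good for nothing except submitting the OTP.
    public function login(Request $request)
    {
        $data = $request->validate(['email' => 'required|email', 'password' => 'required']);
        $user = User::where('email', $data['email'])->first();
        if (! $user || ! Hash::check($data['password'], $user->password)) {
            return response()->json(['message' => 'Invalid credentials'], 401);
        }
        if (! $user->two_fa_enabled) {
            return ['two_fa_enabled' => false,
                    'token' => $user->createToken('api', ['api:full'])->plainTextToken];
        }
        // Third argument (expiry) requires Sanctum 3+.
        $pending = $user->createToken('2fa', ['2fa:pending'], now()->addMinutes(5));
        return ['two_fa_enabled' => true, 'token' => $pending->plainTextToken];
    }

    // Step 2: called with the pending token; a valid OTP swaps it for a full token.
    public function verifyOtp(Request $request, Google2FA $google2fa)
    {
        $data = $request->validate(['otp' => 'required|digits:6']);
        $user = $request->user();
        if (! $user->tokenCan('2fa:pending')) {
            return response()->json(['message' => 'Forbidden'], 403);
        }
        // verifyKey() validates the OTP against the secret within a time window.
        if (! $google2fa->verifyKey($user->google2fa_secret, $data['otp'])) {
            return response()->json(['message' => 'Invalid OTP'], 422);
        }
        $user->currentAccessToken()->delete(); // the pending token is single use
        return ['token' => $user->createToken('api', ['api:full'])->plainTextToken];
    }
}
```

Every other API route then has to check `tokenCan('api:full')`, otherwise the pending token would pass as a normal bearer token. The OTP endpoint should sit behind Laravel's `throttle` middleware so the six-digit code cannot be guessed by repeated requests.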

arislanhaikal commented 2 years ago

Hi all, I found the solution in this article, 2FA stateless, and I've implemented it with the same concept!