antonioribeiro / google2fa

A One Time Password Authentication package, compatible with Google Authenticator.
MIT License

Don't ask for 2FA code every time #169

Closed pdolinaj closed 2 years ago

pdolinaj commented 3 years ago

I'm not sure whether this is a bug or a feature request, but in many 2FA implementations a user can select "Don't ask for 2FA code for XXX days." and then, after we enter the 2FA code once successfully, the app won't ask us to enter it again for XXX days. Can this be achieved with this package?

marcinlawnik commented 3 years ago

This is something you have to implement yourself, by saving last successful 2FA attempt time and then checking whether the time has passed. It can be achieved with this library. This is a library, not a ready app ;)

zyglobe commented 3 years ago

Just to add to that, usually implementations will try to pair a fingerprinted device to the 'remembered' user so that there are assurances that you're not allowing a bad actor to log in with your password from another device and not get prompted for MFA.

antonioribeiro commented 3 years ago

I believe this is what the "remember me" (Laravel example) feature does, or not? The authenticated user is tied to an encrypted token, stored in a cookie on each device. Any attempt to mess with the cookie destroys it and logs off the user.

And, yes, as @marcinlawnik said, this package cannot be responsible for anything beyond the generation and checking of one time passwords.
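The "remember this device" logic marcinlawnik and zyglobe describe, as an added example that is not part of google2fa or any commenter's code. After the package's OTP check succeeds, the app issues an HMAC-signed cookie bound to the user and a device fingerprint, keeps only a hash server-side, and skips the OTP prompt while the token is valid. The in-memory `$store`, the `SERVER_KEY` constant and the fingerprint inputs are assumptions for the demo.

```php
<?php
// Added example (not google2fa code): remember a device after a successful OTP check.
// Assumptions: SERVER_KEY comes from app config, $store stands in for a DB table.

const REMEMBER_DAYS = 30;
const SERVER_KEY = 'replace-with-a-secret-from-config'; // assumption: app secret

// Stand-in for a DB table of remembered devices: userId => [secretHash => expiry]
$store = [];

function fingerprint(string $userAgent, string $acceptLang): string {
    // Coarse device fingerprint; production apps should use more stable signals.
    return hash('sha256', $userAgent . '|' . $acceptLang);
}

// Call right after the OTP verification succeeds. Returns the cookie value.
function issueRememberToken(array &$store, int $userId, string $fp, int $now): string {
    $secret = bin2hex(random_bytes(32));
    $expiry = $now + REMEMBER_DAYS * 86400;
    // Bind the per-device secret to user + fingerprint; persist only its hash.
    $store[$userId][hash('sha256', $secret . $fp)] = $expiry;
    $payload = $userId . '|' . $secret . '|' . $expiry;
    $mac = hash_hmac('sha256', $payload, SERVER_KEY);
    return $payload . '|' . $mac;
}

// Call at login before prompting for the OTP; true means the prompt can be skipped.
function deviceIsRemembered(array &$store, string $cookie, int $userId, string $fp, int $now): bool {
    $parts = explode('|', $cookie);
    if (count($parts) !== 4) {
        return false;
    }
    [$uid, $secret, $expiry, $mac] = $parts;
    $payload = $uid . '|' . $secret . '|' . $expiry;
    // Tampered or forged cookie: reject (the caller should also clear it and re-prompt).
    if (!hash_equals(hash_hmac('sha256', $payload, SERVER_KEY), $mac)) {
        return false;
    }
    if ((int) $uid !== $userId || (int) $expiry < $now) {
        return false;
    }
    // A different device yields a different hash, so the stored entry is not found.
    $key = hash('sha256', $secret . $fp);
    return isset($store[$userId][$key]) && $store[$userId][$key] >= $now;
}

// Constructed usage: issue on device A, then check from device A and device B.
$fpA = fingerprint('Mozilla/5.0 (X11; Linux x86_64)', 'en-US');
$fpB = fingerprint('Mozilla/5.0 (iPhone; CPU iPhone OS 16_0)', 'en-GB');
$cookie = issueRememberToken($store, 42, $fpA, time());
var_dump(deviceIsRemembered($store, $cookie, 42, $fpA, time())); // bool(true)
var_dump(deviceIsRemembered($store, $cookie, 42, $fpB, time())); // bool(false)
```

Revoking a remembered device is a matter of deleting its row from the store, which invalidates the cookie regardless of its expiry.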