authelia / authelia

The Single Sign-On Multi-Factor portal for web apps
https://www.authelia.com
Apache License 2.0
21.76k stars 1.13k forks

Configurable OTP App Links #1981

Open rfvgyhn opened 3 years ago

rfvgyhn commented 3 years ago

Feature Request

Configurable OTP App Links

Description

Instead of only providing links to Google Authenticator in the register one time password view, make the URLs a configuration setting. Also, provide the ability to add a link to F-Droid (or should that be a separate feature request?).

Use Case

I'd like to suggest different apps to my users.


I'd be happy to submit a PR for this but I have a few questions on implementation details before I do.

  1. Regarding the API route to retrieve these settings, which of the following would be preferred?
    • New route. Something like /api/configuration/authenticator_urls
    • Add auth urls to the body of the existing response to /api/configuration
    • Add auth urls to the body of the existing response to /api/secondfactor/totp/identity/finish
  2. When providing the optional link to F-Droid, the current width of 128 is a few pixels too wide to have three badges on one line.
    • Should the width be decreased when showing three badges in order to fit all on one line? [image: width126]
    • Should the badges be allowed to overflow to multiple lines? [image: width128]
    • Should the container be made larger to allow for three badges at 128?
  3. I've never written Go before so I'm not sure what the standards are. For an optional F-Droid URL configuration setting, should its type be a *string and then check for nil or use a string and check for "" (or is there perhaps another mechanism to represent an Option/Maybe)?

nightah commented 3 years ago

Thanks for filing this request @Rfvgyhn.

@james-d-elliott and I had discussed this in the past primarily because of the relationship with #1271.

We were thinking of creating a document page which details all the different types of authenticators and their capabilities in a table format and having the link within the Authelia portal point to a URL specified within configuration (defaulting to the docs page).

The primary reason for the above approach was because Google Authenticator has its own limitations in terms of algorithms that it will accept, which causes silent failures in specific scenarios. Also many people nowadays utilise password managers which also provide the ability to generate OTP codes with different sorts of capabilities.

Keeping in mind this is also somewhat related to #1145.

Let's see what the team thinks about a definitive approach and we can decide on a way forward.

cc: @clems4ever @james-d-elliott
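
The silent-failure risk described in the comment above, shown as an added example (not part of the thread and not Authelia's code): a check that flags otpauth:// TOTP parameters differing from the Key URI format defaults. The function name `CompatWarnings`, the baseline table and the sample URIs are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Key URI format defaults (RFC 6238 defaults to HMAC-SHA-1 and a 30 s step).
// Assumption: an app that ignores a parameter falls back to these values.
var baseline = map[string]string{"algorithm": "SHA1", "digits": "6", "period": "30"}

// CompatWarnings returns one warning per parameter that differs from the baseline.
func CompatWarnings(uri string) ([]string, error) {
	u, err := url.Parse(uri)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "otpauth" || u.Host != "totp" {
		return nil, fmt.Errorf("not an otpauth://totp URI")
	}
	q := u.Query()
	if q.Get("secret") == "" {
		return nil, fmt.Errorf("missing secret parameter")
	}
	var warnings []string
	for _, name := range []string{"algorithm", "digits", "period"} {
		got := strings.ToUpper(q.Get(name))
		if got == "" || got == baseline[name] {
			continue // absent or default: every compliant app agrees
		}
		warnings = append(warnings, fmt.Sprintf(
			"%s=%s (baseline %s): an app that ignores this parameter produces codes the server rejects",
			name, got, baseline[name]))
	}
	return warnings, nil
}

func main() {
	// Constructed sample URIs; the secret is a placeholder, not a real key.
	samples := []string{
		"otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example",
		"otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA512&digits=8",
	}
	for i, uri := range samples {
		w, err := CompatWarnings(uri)
		fmt.Printf("sample %d: warnings=%q err=%v\n", i, w, err) // URI not printed: it carries the secret
	}
}
```

Running such a check when the TOTP configuration is loaded turns the mismatch into a visible warning instead of a user whose codes never validate.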

rfvgyhn commented 3 years ago

I do like the UX of having direct links in the view. I think having as few steps as possible for users unfamiliar with OTP apps is a positive. Perhaps having direct links plus an alternatives link that would link to the docs page you mentioned might be good? I don't know, just thinking about the users that will be using my instance and how most of them aren't too tech savvy.

james-d-elliott commented 2 years ago

When we implement this we should implement #1145 as part of it, they are very similar as @nightah pointed out.