authelia / authelia

The Single Sign-On Multi-Factor portal for web apps
https://www.authelia.com
Apache License 2.0

Design: Email OTP instead of JWT and add Recovery Codes #3801

Closed james-d-elliott closed 6 months ago

james-d-elliott commented 2 years ago

Feature Request

Description

Critical: #135

Design an identity verification procedure, absent the JWT, which:

  1. Uses a one-time password which is sent to a user. #2994
  2. Allows administrators to configure an initial timeout (i.e. a timeout of when it must be used by). #3569
  3. Allows a duration of session elevation for which the administrator can configure both an inactivity timeout (i.e. when no privileged actions were completed within that time-frame) and a hard timeout (i.e. if the elevation occurred at x, and the admin configures y, if the time is past x + y then it's timed out regardless of the inactivity).
  4. Allows admins to configure what these codes are able to do:
    1. Use as a 2FA option. #2035
    2. Register first 2FA option. #1319 and partially #135
    3. Register any 2FA option (current).
  5. Ensure we generate recovery codes for a user which can be used to override 4.2's restriction. #1319

Use Case

N/A
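As an added illustration of items 1, 2, 3 and 5 above (example code, not Authelia's implementation and not part of the issue), the following Go sketch models an e-mailed one-time code with an issuance deadline, an elevated session governed by both an inactivity and a hard timeout, and single-use recovery codes that can stand in for the code where the admin has restricted it. The policy field names, the 8-digit numeric code, the 4x4 base32 recovery-code format and the use of SHA-256 for stored hashes are this example's assumptions, not Authelia configuration or storage formats.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"fmt"
	"math/big"
	"time"
)

// ElevationPolicy carries the administrator-configured durations of items 2 and 3.
// Field names are this example's assumptions, not Authelia configuration keys.
type ElevationPolicy struct {
	OTPValidity time.Duration // item 2: the e-mailed code must be used within this window
	Inactivity  time.Duration // item 3: elevation lapses after this long without a privileged action
	HardTimeout time.Duration // item 3: elevation lapses this long after it was granted, regardless
}

// Elevation is the server-side record of a privileged session.
type Elevation struct{ GrantedAt, LastAction time.Time }

// IsActive applies both limits: hard timeout from GrantedAt, inactivity from LastAction.
func (p ElevationPolicy) IsActive(e Elevation, now time.Time) bool {
	return now.Sub(e.GrantedAt) <= p.HardTimeout && now.Sub(e.LastAction) <= p.Inactivity
}

// PendingOTP is persisted while the code sits in the user's inbox; only a hash is
// stored, so reading the database does not yield a usable code.
type PendingOTP struct {
	Hash      [32]byte
	ExpiresAt time.Time
	Used      bool
}

// GenerateOTP draws a uniformly random 8-digit code (item 1; length is assumed) and
// returns the plaintext to e-mail alongside the record to persist.
func GenerateOTP(p ElevationPolicy, now time.Time) (string, *PendingOTP, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(100000000)) // [0, 10^8)
	if err != nil {
		return "", nil, err
	}
	code := fmt.Sprintf("%08d", n.Int64())
	return code, &PendingOTP{Hash: sha256.Sum256([]byte(code)), ExpiresAt: now.Add(p.OTPValidity)}, nil
}

// VerifyOTP accepts a code once, only before ExpiresAt, comparing in constant time;
// marking it used makes a replay fail.
func VerifyOTP(pending *PendingOTP, submitted string, now time.Time) bool {
	h := sha256.Sum256([]byte(submitted))
	if pending.Used || now.After(pending.ExpiresAt) || subtle.ConstantTimeCompare(h[:], pending.Hash[:]) != 1 {
		return false
	}
	pending.Used = true
	return true
}

// RecoveryCode is the stored, single-use form of one recovery code (item 5). A plain
// SHA-256 is acceptable only because each code carries 80 bits of entropy.
type RecoveryCode struct {
	Hash [32]byte
	Used bool
}

// GenerateRecoveryCodes returns n plaintext codes (shown to the user once) and the
// hashed records to persist. The 4x4 base32 layout is an assumed format.
func GenerateRecoveryCodes(n int) ([]string, []RecoveryCode, error) {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	plain, stored := make([]string, 0, n), make([]RecoveryCode, 0, n)
	for i := 0; i < n; i++ {
		buf := make([]byte, 10) // 80 random bits -> exactly 16 base32 characters
		if _, err := rand.Read(buf); err != nil {
			return nil, nil, err
		}
		s := enc.EncodeToString(buf)
		code := s[:4] + "-" + s[4:8] + "-" + s[8:12] + "-" + s[12:]
		plain = append(plain, code)
		stored = append(stored, RecoveryCode{Hash: sha256.Sum256([]byte(code))})
	}
	return plain, stored, nil
}

// RedeemRecoveryCode consumes one matching unused code, the override for the
// "register first 2FA option only" restriction (4.2).
func RedeemRecoveryCode(store []RecoveryCode, submitted string) bool {
	h := sha256.Sum256([]byte(submitted))
	for i := range store {
		if !store[i].Used && subtle.ConstantTimeCompare(h[:], store[i].Hash[:]) == 1 {
			store[i].Used = true
			return true
		}
	}
	return false
}

func main() {
	policy := ElevationPolicy{OTPValidity: 5 * time.Minute, Inactivity: 10 * time.Minute, HardTimeout: time.Hour}
	now := time.Now()
	code, pending, _ := GenerateOTP(policy, now)
	fmt.Println("e-mail this code:", code, "verified:", VerifyOTP(pending, code, now), "replay:", VerifyOTP(pending, code, now))
	codes, store, _ := GenerateRecoveryCodes(3)
	fmt.Println("recovery codes:", codes, "redeem:", RedeemRecoveryCode(store, codes[0]), "again:", RedeemRecoveryCode(store, codes[0]))
}
```

Two design points worth noting: the server never stores the plaintext of either kind of code, and both checks are constant-time and single-use, so a leaked database row or a replayed request yields nothing. Item 4 (what the code is permitted to do) is a policy decision layered on top of a successful `VerifyOTP`, and is not modelled here beyond the recovery-code override.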

zorino commented 9 months ago

Can't wait for that new feature, it'll be much appreciated!!