Open emekaemego opened 1 week ago
Hi @emekaemego ,
Could you please be more specific about the idea you are proposing? Do you want to extend Strapi by creating an OTP-based user sign-up with an email provider using Strapi?
Hi @Theodore-Kelechukwu-Onyejiaku ,
Yes, I want to extend Strapi by creating an OTP-based user Sign-In with the email provider using Strapi. To simplify:
I will intercept the user registration request (/api/auth/local/register) with a custom controller action, then invoke the plugins-users-permissions/server/controllers/auth/register action within it to prevent the JWT token from being sent after registration.
I will also reroute requests to /api/auth/local to a custom controller action, which will process the request through the plugins-users-permissions/server/controllers/auth/callback action. If the provider is email, additional steps will be taken to manage the OTP/TOTP flow.
What is your article idea?
In this tutorial, I will guide readers in adding two-factor authentication (2FA) via email and authenticator apps to a Strapi application by extending the Users and Permissions plugin. I will walk through the process of adding 2FA to enhance the security of user authentication, while explaining the backend and frontend implementations.
The article will describe how to override and extend the default register and login actions, and routes of the Users and Permissions plugin with custom controller and actions, create a custom Content Type for managing email-based one-time passwords (OTP), and extend the User and Permissions model to handle Time-based One-Time Password (TOTP) information. The tutorial will cover generating and validating TOTP codes for authenticator apps like Google Authenticator and enabling QR code display on the frontend to make the process user-friendly.
Also, the tutorial will introduce and explain what 2FA and TOTP are, describe different approaches to extending the register and callback actions for implementing 2FA, and explain why the chosen method was selected.
The article will cover:
What are the objectives of your article?
The key objectives of this article are:
Readers will learn how to customize and extend the default Users and Permissions plugin by adding two-factor authentication (2FA) to improve security for users' accounts.
The article will help readers through building both the backend and the frontend (Next.js) application, including OTP via email, TOTP generation and validation, and frontend QR code enrolment and validation for authenticator apps.
The article will explain what 2FA is and how it works, along with an introduction to TOTP, explaining the need for adding these features in secure authentication systems.
Readers will see practical steps to improve user authentication through a detailed 2FA system, including the implementation of email OTP and TOTP for authenticator apps.
Readers will learn how to create custom controllers, work with the Server API, the Entity Service API, route overrides, and some other useful Strapi customization APIs.
What is your expertise as a developer or writer?
Advanced
What type of post is this?
Tutorial
Terms & Conditions