Giter Club home page Giter Club logo

Comments (3)

binaryfire avatar binaryfire commented on June 26, 2024 4

I recently implemented 2FA and had to make it pretty flexible, so figured I'd share some feedback:

  • I needed it to be configurable per guard because I've got both Admin and Member models, and each has different security requirements
  • The option to enforce it for all users was also configurable per guard
  • All the options (enable/disable/enforce) were implemented as settings in a landlord panel, so it'd be great to make everything dynamically configurable rather than hardcoded in the config file
  • I used the session to store the 2FA auth status so I could programmatically mark it as completed when using my custom SSO (SSO logins normally skip 2FA since the SSO provider handles it).

from filament.

binaryfire avatar binaryfire commented on June 26, 2024 1

I know it can be tempting to just implement fortify or go the fortify route of just directly integrating something simple like TOTP and calling it good. I for one am annoyed by how locked into that one method fortify is. IMO please build it yourself and make it modular using a driver based approach so the community can come in and make plugins for other forms of 2FA as we want.

This is a 2fa package that supports multiple drivers (might be useful for inspiration): https://github.com/worksome/laravel-mfa. I agree it'd be great to be able to support multiple methods. I've implemented both email codes and TOTP in my app and they're dynamically configurable, so each of my tenant owners can choose the 2fa method they want their users to use.

Fortify is a very thin wrapper around https://github.com/antonioribeiro/google2fa and https://github.com/Bacon/BaconQrCode. IMHO it's better to implement them directly rather than trying to use Fortify and be constrained by its limitations.

from filament.

x7ryan avatar x7ryan commented on June 26, 2024

I know it can be tempting to just implement fortify or go the fortify route of just directly integrating something simple like TOTP and calling it good. I for one am annoyed by how locked into that one method fortify is. IMO please build it yourself and make it modular using a driver based approach so the community can come in and make plugins for other forms of 2FA as we want.

from filament.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.