I would like to add Two-Factor Authentication (2FA) to the login process of my Expressive app.
I found some existing PHP libraries for Google Authenticator (which can be a good choice), but I need to add a step between Expressive authentication and the private area. I mean that when the user enters his username and password, the login must not be valid until the step that checks the 2FA code.
Has anyone already used something like that in Expressive?
What would be the right workflow (if 2FA is already configured in the user account)?
- ask username and password in a form
- check only if valid, do not authenticate…
- if valid, add the username and password entered in the form to a temp variable somewhere in the session
- show the 2FA page with the QR code or number to enter
- if 2FA is valid, use the username and password in the session to authenticate
- and enter the private area
Is it realistic?
Thanks for your help
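
The two-step login from the list above, sketched in plain PHP as an added example that is not part of the original post and not Expressive's or any library's own code. It assumes a plain array in place of the session container and a raw (already base32-decoded) TOTP secret, and it keeps only the username in the session between the two steps rather than the password; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits); $secret is the raw (base32-decoded) key.
function totp(string $secret, int $time): string
{
    $hash   = hash_hmac('sha1', pack('J', intdiv($time, 30)), $secret, true);
    $offset = ord($hash[19]) & 0x0F;                       // dynamic truncation, RFC 4226
    $bin    = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}

// Step 1: check the password, but only mark the session as "pending 2FA".
// Hypothetical layout: $session is a plain array standing in for the session container.
function passwordStep(array &$session, array $users, string $name, string $password, int $now): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    $session = ['pending_2fa' => $name, 'pending_since' => $now, 'attempts' => 0];
    return true;
}

// Step 2: check the code; only now does the session become authenticated.
function totpStep(array &$session, array $users, string $code, int $now): bool
{
    $name = $session['pending_2fa'] ?? null;
    if ($name === null || $now - $session['pending_since'] > 300 || ++$session['attempts'] > 5) {
        $session = [];                        // expired or too many tries: back to step 1
        return false;
    }
    foreach ([-30, 0, 30] as $drift) {        // accept one time step of clock drift
        if (hash_equals(totp($users[$name]['secret'], $now + $drift), $code)) {
            $session = ['user' => $name];     // a real app also regenerates the session id here
            return true;
        }
    }
    return false;
}

// Constructed sample data: one user, with the RFC 6238 test key as TOTP secret.
$users   = ['alice' => ['hash' => password_hash('s3cret', PASSWORD_DEFAULT), 'secret' => '12345678901234567890']];
$session = [];
$now     = time();
var_dump(passwordStep($session, $users, 'alice', 's3cret', $now), isset($session['user']));
var_dump(totpStep($session, $users, totp($users['alice']['secret'], $now), $now), $session);
```

Routes for the private area would check only for the `user` key, so a session that has passed the password step but not the code step is treated as unauthenticated.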