Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication per OTP Token via E-Mail/ SMS #980

Open
Neluxx opened this issue Feb 3, 2022 · 3 comments
Open

Authentication per OTP Token via E-Mail/ SMS #980

Neluxx opened this issue Feb 3, 2022 · 3 comments
Assignees

Comments

@Neluxx
Copy link

Neluxx commented Feb 3, 2022

Hello,

is it possible with this plugin to implement authentication with an OTP token via email or SMS?

I have not found anything about it in the documentation. Only two-factor authentication via Google Authentication App, which I do not want to use.

I would like to extend the default login with username and password so that in a second step an OTP token is generated and sent to the user. Depending on the user's preference, the token will be sent by mail or SMS. The login should only happen if the token is entered correctly and has not expired yet.

Many thanks and best regards
Fabian

@ravage84
Copy link
Contributor

ravage84 commented Feb 3, 2022

@steinkel we were thinking about either extending the Users plugin via contribution, as we use it in several projects or just using an third party solution/package.

We currently use CakePHP 3.x but will soon upgrade.

@steinkel
Copy link
Member

steinkel commented Feb 3, 2022

@ravage84 we'd love to integrate OTP via SMS/email. I think it's a feature we could define a bit more, for example:

  • In which context/rules do we want to request an additional validation step. Shall we have a way to configure it as an authorization rule or utility?
  • How we want the workflow to work in combination with Social login
  • Define a provider class we can configure to send the OTP code, either email or SMS initially.
    • For SMS, define a generic provider we can integrate with 3rd party providers, we might want to use an external plugin here or define the sms provider outside of the CakeDC/Users plugin, leaving the email provider as the default implementation

For new features, we would be targeting the cake4 related version.

We'd love to help you or lead the development of this feature. If you already have some custom solution in place, please let us know and decide next steps.

Thanks,

@ajibarra
Copy link
Member

@ravage84 @Neluxx

We are going to spend some time implementing this feature but we would love to hear your suggestions about how would you like this to work including the questions in the previous message and any other you want to add.

@ajibarra ajibarra self-assigned this Feb 10, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

5 participants