Vendor-Agnostic Two-Factor Authentication

Overview

Multi-Factor

Designed to be a vendor-agnostic implementation of various Two-Factor Authentication solutions.

Developed by Paragon Initiative Enterprises for use in our own projects. It's released under a dual license: GPL and MIT. As with all dual-licensed projects, feel free to choose the license that fits your needs.

Requirements

Installing

composer require paragonie/multi-factor

Example Usage

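<?php
use ParagonIE\MultiFactor\OneTime;
use ParagonIE\MultiFactor\OTP\TOTP;

// Generate the seed once, when the user enrolls, and store it with their account;
// on later logins, load that stored value instead of generating a new one.
$seed = random_bytes(20);

// You can use TOTP or HOTP
$otp = new OneTime($seed, new TOTP());

// $storedHash is the user's password_hash() output loaded from your user store.
if (\password_verify($_POST['password'], $storedHash)) {
    if ($otp->validateCode($_POST['2facode'])) {
        // Login successful
    }
}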
Comments
  • Still alive?

    Hi. Is this project still alive?

    • There have been no changes for a few years...
    • Bacon QR Code is now v2 https://github.com/Bacon/BaconQrCode
    • It might benefit from integration with some of your other libraries, e.g. paragonie/hidden-string for the secret
    opened by pavarnos 3
  • Update dependencies and support PHP 8

    PHP 7.2+ is now required.

    The main breaking change is the upgraded bacon/bacon-qr-code dependency. Version 2 of this library has a slightly different API for rendering QR code images. To match this API, the separate defaultQRCodeWidth and defaultQRCodeHeight properties in the GoogleAuth class have been replaced with a single defaultQRCodeSize property.

    Also switched from Travis CI to GitHub Actions.

    opened by theodorejb 2
  • remove useless code in TOTP

    This line makes no sense. What was the intention behind it?

    Maybe a default value like:

        public function getCode(
            string $sharedSecret,
            int $counterValue = 0
        ): string {
            ...
            $counterValue = $counterValue > 0 ? $counterValue : time();
            ...
    opened by apreiml 2
  • Implement TOTP/HOTP over Signal

    Assuming:

    1. Open Whisper Systems is OK with this.
    2. We can create/find a stable PHP implementation of the Signal Protocol.
    3. People actually want this.
    4. People will actually use this.
    5. There's a sane way to access the GCM servers for Signal.
    enhancement help wanted 
    opened by paragonie-scott 1
  • Update implementation/google auth qrcode

    refactored the google auth qrcode methods to enable partial testing (tester currently only supports the plain text renderer).

    Have identified a possible bug in GoogleAuth::makeQRCodeMessage() re: falsy strings, ~will file separate issue.~ filed as #17.

    opened by SignpostMarv 0
  • Use current time for TOTP

    Is it some copy pasta leftover from https://github.com/paragonie/multi_factor/blob/748e27f2ac06353b07da677db8458866a96202ae/src/OTP/HOTP.php#L58

    or designed to be used like this per default (with the time() parameter):

    $totp = new OneTime($seed, new TOTP());
    $code = $totp->generateCode(time());
    

    ?

    opened by bytehead 0
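The two TOTP issues above ("remove useless code in TOTP" and "Use current time for TOTP") both concern how the time value reaches the HOTP counter. The following is an added stand-alone example of that mapping per RFC 4226 and RFC 6238, not code from paragonie/multi-factor; hotp(), totp() and verifyTotp() are hypothetical names and the secret is the RFCs' published test key.

```php
<?php
declare(strict_types=1);

// Added illustration. hotp(), totp() and verifyTotp() are hypothetical names,
// not the paragonie/multi-factor API.

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(string $secret, int $counter, int $digits = 6): string
{
    $mac    = hash_hmac('sha1', pack('J', $counter), $secret, true);
    $offset = ord($mac[19]) & 0x0f;                 // low nibble of the last byte
    $value  = unpack('N', substr($mac, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// RFC 6238 TOTP: the HOTP counter is the number of whole steps since the Unix epoch.
// A null time means "now"; an explicit time is for tests and clock-drift windows.
function totp(string $secret, ?int $unixTime = null, int $step = 30, int $digits = 6): string
{
    return hotp($secret, intdiv($unixTime ?? time(), $step), $digits);
}

// Accept the current step plus $window steps either side. Every candidate is
// compared with hash_equals() and the loop never exits early.
function verifyTotp(string $secret, string $code, ?int $unixTime = null, int $window = 1, int $step = 30): bool
{
    $now = $unixTime ?? time();
    $ok  = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp($secret, $now + $i * $step, $step), $code) || $ok;
    }
    return $ok;
}

// RFC 6238 Appendix B test secret (SHA-1), checked against its 8-digit vector for T = 59 s.
$secret = '12345678901234567890';
var_dump(totp($secret, 59, 30, 8) === '94287082');

// 59 s and 60 s fall in different steps (counters 1 and 2), so the codes differ.
var_dump(totp($secret, 59) !== totp($secret, 60));

// Constructed check at T = 120 s (counter 4, window 3..5): a code minted at 90 s
// is inside the window, a code minted at 30 s is outside it.
var_dump(verifyTotp($secret, totp($secret, 90), 120));
var_dump(verifyTotp($secret, totp($secret, 30), 120));
```

A production verifier should also record the last accepted counter per user and refuse to accept the same step twice, which this sketch leaves out.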
  • google auth uri spec query re: falsy strings

    The code for generating the qrcode message makes quick checks to see if a string is "falsy", presumably intending to check if it's empty.

    This means that a $label or $issuer of '' is treated identically to '0' and ' '.

    How is trailing whitespace meant to be handled in these URIs, i.e. should it be simply checking '' !== $label, or trim them first?

    opened by SignpostMarv 0
  • Potential issue w/ google auth qr code generator & required fields

    At the time of writing with some very brief tests with the plain text encoder, it appears that the google auth app doesn't like qr codes that lack a username.

                $output->writeln('FIDOU2F QR Code:');
    
                ob_start();
                (
                    new GoogleAuth(
                        $two_factor_auth_secret,
                        TOTP::ObtainInstance(time(), 30)
                    )
                )->makeQRCode(
                    new Writer(new PlainTextRenderer()),
                    'php://output'
                );
    
                $output->write(ob_get_clean());
    

    p.s. going to make some qrcode-related changes shortly.

    opened by SignpostMarv 0
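The two QR-code issues above (empty versus falsy strings, and a missing account name) can be handled in one place when the otpauth:// URI is built. This is an added example, not the library's GoogleAuth code: base32Encode() and otpauthUri() are hypothetical helpers, the URI layout follows the Google Authenticator Key URI format, and trimming plus a mandatory label are assumptions chosen for the illustration.

```php
<?php
declare(strict_types=1);

// Added illustration. base32Encode() and otpauthUri() are hypothetical helpers,
// not the library's GoogleAuth methods.

// RFC 4648 base32 without padding, the secret encoding used in otpauth:// URIs.
function base32Encode(string $bytes): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split($bytes) as $byte) {
        $bits .= str_pad(decbin(ord($byte)), 8, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 5) as $chunk) {
        $out .= $alphabet[bindec(str_pad($chunk, 5, '0'))];
    }
    return $out;
}

function otpauthUri(string $secret, string $label, string $issuer = ''): string
{
    // Assumption: surrounding whitespace is not meaningful, so trim before testing.
    $label  = trim($label);
    $issuer = trim($issuer);
    // Compare against '' explicitly. A truthiness test such as !$label would also
    // reject the string '0', which is a legal account name.
    if ($secret === '' || $label === '') {
        throw new InvalidArgumentException('secret and label are required');
    }
    if (strpos($label, ':') !== false || strpos($issuer, ':') !== false) {
        throw new InvalidArgumentException('":" separates issuer from label');
    }
    $path  = rawurlencode($label);
    $query = ['secret' => base32Encode($secret)];
    if ($issuer !== '') {
        $path = rawurlencode($issuer) . ':' . $path;
        $query['issuer'] = $issuer;
    }
    return 'otpauth://totp/' . $path . '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

// Constructed inputs: the RFC 4226 test key, a label of '0', and a blank label.
echo otpauthUri('12345678901234567890', '0', 'Example Corp'), PHP_EOL;
try {
    otpauthUri('12345678901234567890', '   ');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The returned URI embeds the shared secret, so pass it straight to the QR renderer and keep it out of logs, analytics and error messages.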
Releases (v0.2.2)
Owner
Paragon Initiative Enterprises
Technology should support your ambitions, not hinder them. We are a team of technology consultants that specialize in application security.