I recently implemented Multi Factor Authentication in one of the projects I work on. Antonio Ribeiro has a great package to make this implementation extremely easy and Christopher Thomas published a cool strategy for it. Let's go over the steps.

1- Install google2fa-laravel

    composer require pragmarx/google2fa-laravel

2- Generating a QR Code

The first thing the users will need is a way to enable/disable multi factor authentication. One way to achieve that is to expose a request on GET profile/token that will render an enable view if the user doesn't have a private key, or disable if the user already enabled it.

In the showEnableTokenForm, the Google2FA Facade will be responsible for generating a secret key and generating the QR Code that the user can use to capture the secret key.

Don't forget to show the QR Code through an image tag:

    <img src="{{ $QRCode }}" alt="">

3- Storing/Removing the Token

Once the user reads the QR Code, they can type in the one time password and submit it for the application to validate it for activation. If the user submits the correct one time password, the Google2FA Facade will validate it and the secret is stored in the users table.

4- The Authenticated Method

After activating the token, the next step is to require it during the login process. With Laravel's default authentication system, LoginController comes with an authenticated method that can be used to trigger an action post-authentication. A perfect place to request the token.

The strategy is to check if the user has a token and require a one time password if they do. If the token is null, the regular behavior of redirecting to the home page will be applied. When that is not the case, the user gets redirected to the /token route.

Note: Make sure to add a google_token column to your users table.

5- Requesting one time password during login

The TokenController will show a simple view with an input field requiring the one time password.

On the form submit of this view, the goal is to retrieve the user and verify their one time password against their google token. If it matches, they're authenticated, otherwise ask again.

6- Final Thoughts

The package makes it amazingly simple to implement multi factor authentication in any Laravel application. Focusing only on generating a secret key and validating it whenever necessary, the Google2FA Facade handles the job perfectly. Another interesting point is the strategy of using the Auth Facade to force a logout while requesting the one time password and relying on loginUsingId when the token matches.
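
The login flow from steps 4 and 5, as an added example that is not the original post's code: the password check only parks the user id in the session, and the session becomes authenticated through loginUsingId once the one time password verifies. It assumes the Google2FA facade alias is registered; the App\User model location, the verify method name, the token input name and the 2fa:user:id session key are hypothetical.

```php
<?php
// Added illustration, not the post's code. Assumes pragmarx/google2fa-laravel is
// installed; App\User, verify(), the 'token' input and the session key are
// hypothetical names. In a real app each class lives in its own file.
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\User;
use Google2FA;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

class LoginController extends Controller
{
    use AuthenticatesUsers;

    // Called by AuthenticatesUsers after the password check succeeds.
    protected function authenticated(Request $request, $user)
    {
        if (is_null($user->google_token)) {
            return redirect()->intended($this->redirectPath());
        }
        // The password alone must not leave an authenticated session behind:
        // log out and remember only who is waiting for the second factor.
        Auth::logout();
        $request->session()->put('2fa:user:id', $user->id);
        return redirect('/token');
    }
}

class TokenController extends Controller
{
    // Handles the one time password form posted from the /token view.
    public function verify(Request $request)
    {
        $request->validate(['token' => 'required|digits:6']);
        $user = User::find($request->session()->get('2fa:user:id'));
        if (! $user) {
            return redirect('/login'); // no pending login in this session
        }
        if (! Google2FA::verifyKey($user->google_token, $request->input('token'))) {
            return redirect('/token')->withErrors(['token' => 'Invalid one time password.']);
        }
        $request->session()->forget('2fa:user:id');
        Auth::loginUsingId($user->id);
        return redirect()->intended('/home');
    }
}
```

Put the POST route for the one time password behind Laravel's throttle middleware so a six-digit code cannot be found by repeated submission.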