I’m starting to think about implementing 2FA in my app. Has anyone done this, or does anyone have recommendations for a good service/API?
@natedogg used this in his app.
Send the current user a text message with a 4-5 digit code via Twilio. Blockspring facilitates a simple connection, or you could use the Twilio API directly.
If anyone else has insight on this, I would like to learn more. @Kfawcett, @natedogg - would enjoy hearing about your experience if you’d like to share.
I haven’t gotten around to implementing anything yet.
Hey @dan1,
@csblack was spot on for what I did.
- Use the Random Alphanumeric String Blockspring call to generate a short code.
- Store that code to a custom state, or as a value on the Current User.
- Send a text message to the user that contains the code you generated.
- Once they receive the text, they’ll enter it, and you can have a workflow that checks the code against the stored value. If it’s correct, they’re granted access. If it’s wrong, just show an error message and give them the option to send another code.
Hope that helps! Let me know if you have any questions.
@natedogg, thanks for the detailed explanation, I appreciate it. That should be enough to get me started.
I know this is an old post, but I want to make everyone aware that this method is insecure, as the value is returned to your browser in order to match the values. In other words… you would be able to see the code even without having your phone. You will have to set a privacy rule to be able to see the stored code to match it. Thus that user will be able to see the code in the API responses.
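
The weakness described in the last post, seen from the fix side, as an added example (not part of the thread, and not Bubble, Blockspring or Twilio code): the code is generated and compared on the server, and the client only ever receives a yes/no answer. The class and function names, the 6-digit length, the 5-minute lifetime and the 5-attempt limit are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class OtpStore:
    """Hypothetical server-side store; none of its fields are sent to the client."""

    def __init__(self, clock=time.time):
        self._pending = {}  # user_id -> [salt, digest, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _digest(salt, code):
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def issue(self, user_id):
        """Create a code, keep only a keyed hash, return the code for the SMS sender."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not a predictable generator
        salt = secrets.token_bytes(16)
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[user_id] = [salt, self._digest(salt, code), expires_at, MAX_ATTEMPTS]
        return code

    def verify(self, user_id, submitted):
        """Compare on the server and return only True or False."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user_id]  # expired or locked out: a new code is required
            return False
        entry[3] -= 1
        ok = hmac.compare_digest(digest, self._digest(salt, submitted))
        if ok:
            del self._pending[user_id]  # single use
        return ok


def client_view(store, user_id):
    """What an API response about the user may carry: state, never the code or its hash."""
    return {"user_id": user_id, "otp_pending": user_id in store._pending}
```
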