- Overview
- How to proceed?
- Principle
- Implementation
- Two-factor authentication management functions
Integrate two-factor authentication into your applications
In version 26, WINDEV, WEBDEV and WINDEV Mobile allow you to set up a login via two-factor authentication. You can set up two-factor authentication via a standard application (Google Authenticator, Microsoft Authenticator or other). This application, to be downloaded on a mobile phone, returns a personal code on demand (valid for 30 seconds) that must be entered at login (TOTP protocol).
Principle
Here is how it works:
- The application or site with two-factor authentication requires the following elements:
- the username/password pair
- a specific identifier, generated by an authentication application installed on the mobile phone.
- The first time the user tries to log in via two-factor authentication, the application or site generates a code (possibly displayed as a QR code). This code is a TOTP key that must be stored: the QR code (or the corresponding code) must be saved in the authentication application on the phone. The authentication application then provides the user with an authentication code that must be entered in the application or site to validate the connection.
- On subsequent login attempts, the user will have to enter the code provided by the authentication application. This code is different each time and is valid for a limited period of time.
Implementation
To implement two-factor authentication in an application, you should create:
- an interface for the first login attempt, to display the code and/or QR code required by the authentication application. To do so:
- generate the TOTP key (TwoFactorAuthenticationGenerateTOTPKey). This key must be stored in the application.
- display the bar code needed to register the application/site in the mobile authentication application (TwoFactorAuthenticationGenerateLink).
Remark: This step is optional. You can also provide the TOTP key directly to the user, who will then enter the key in the mobile authentication application. Code example:
// User unique identifier
sAddress is string = Customer.CustomerID + "myaddress@mycompany.com"
// Generate TOTP key
sMobileAppKey is ANSI string = TwoFactorAuthenticationGenerateTOTPKey(sAddress)
// Display the TOTP key in a bar code
BAC_QR_Autenticator = TwoFactorAuthenticationGenerateLink(sMobileAppKey, ...
	sAddress, "My App")
- an interface to allow the user to enter the authentication code provided by the authentication application. This interface should include:
- a 6-digit Edit control.
Caution: the control must be of type text, because the 6-digit sequence can start with a zero. It is also possible to use six separate controls that accept one digit each. The controls then use the "Automatic end of input" option ("Details" tab of the control description window).
- a Button control, for example, to check the code provided with TwoFactorAuthenticationCheckCode.
Here is an example of code:
sAddress is string = Customer.CustomerID + "myaddress@mycompany.com"
sMobileAppKey is ANSI string = TwoFactorAuthenticationGenerateTOTPKey(sAddress) // Or stored key
IF TwoFactorAuthenticationCheckCode(EDT_Code, sMobileAppKey) THEN
...
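What a TOTP check involves, as an added Python sketch of the generic RFC 6238 algorithm (HMAC-SHA1, 6 digits, 30-second step). It is not PC SOFT's implementation of TwoFactorAuthenticationCheckCode; the function names, the drift window and the replay guard are assumptions of this example, and the key is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds a code stays valid, as stated on this page
DIGITS = 6    # code length, as stated on this page
RFC_KEY = b"12345678901234567890"  # RFC 6238 test key, not a real secret


def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # The code is a zero-padded string, never a number.
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_code(key, entered, unix_time, last_step=-1, drift=1):
    """Return the matched time step, or None if the code is rejected.

    drift: adjacent steps accepted to absorb clock skew (assumed policy).
    last_step: last step already accepted for this user, so a code that
    was just used cannot be replayed within its validity window.
    """
    if len(entered) != DIGITS or not (entered.isascii() and entered.isdigit()):
        return None
    current = unix_time // STEP
    for step in range(max(0, current - drift), current + drift + 1):
        expected = totp(key, step * STEP)
        # Constant-time comparison of the expected and entered codes.
        if hmac.compare_digest(expected, entered) and step > last_step:
            return step
    return None


if __name__ == "__main__":
    now = 1111111109  # RFC 6238 test time; its code starts with a zero
    code = totp(RFC_KEY, now)
    step = check_code(RFC_KEY, code, now)
    print(code, step)
    print(check_code(RFC_KEY, code, now, last_step=step))  # replay
    print(check_code(RFC_KEY, str(int(code)), now))  # numeric input lost the zero
```

Persist the returned step per user after a successful login and pass it back as last_step on the next check.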
Two-factor authentication management functions
The following WLanguage functions are used to handle two-factor authentication:
Related Examples:
Training (WINDEV): WD Two-factor Authentication
This example shows how to use two-factor authentication to secure access to user accounts. It uses TOTP authentication, which generates a 6-digit code every 30 seconds. The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)
Training (WEBDEV): WW_Two-factor_Authentication
This example shows how to use two-factor authentication to secure access to user accounts. It uses TOTP authentication, which generates a 6-digit code every 30 seconds. The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)