ONLINE HELP
 WINDEV, WEBDEV AND WINDEV MOBILE

WINDEV: Windows, Linux, Universal Windows 10 App, Java, Reports and Queries, User code (UMC)
WEBDEV: Windows, Linux, PHP, WEBDEV - Browser code
WINDEV Mobile: Android, Android Widget, iPhone/iPad, IOS Widget, Apple Watch, Mac Catalyst, Universal Windows 10 App
Others: Stored procedures
Overview
In version 26, WINDEV, WEBDEV and WINDEV Mobile allow you to set up a login via two-factor authentication.
You can set up two-factor authentication via a standard application (Google Authenticator, Microsoft Authenticator or other). This application, to be downloaded on a mobile phone, returns a personal code on demand (valid for 30 seconds) that must be entered at login (TOTP protocol).
How to proceed?

Principle

Here is how it works:
  • The application or site with two-factor authentication requires the following elements:
    • the username/password pair
    • a specific identifier, generated by an authentication application installed on the mobile phone.
  • The first time the user tries to log in via two-factor authentication, the application or site generates a code (possibly displayed as a QR code). This code is a TOTP key that must be stored: the QR code (or the corresponding code) must be registered in the authentication application on the phone. The authentication application then provides the user with an authentication code that must be entered in the application or site to validate the connection.
  • On subsequent login attempts, the user must enter the code provided by the authentication application. This code is different each time and is valid for a limited period of time.

Implementation

To implement two-factor authentication in an application, you should create:
  • an interface for the first login attempt, to display the code and/or QR code required by the authentication application. To do so:
    • generate the TOTP key (TwoFactorAuthenticationGenerateTOTPKey). This key must be stored in the application.
    • display the bar code needed to register the application/site in the mobile authentication application (TwoFactorAuthenticationGenerateLink).
      Remark: This step is optional. You can also provide the TOTP key directly to the user, who will then enter the key in the mobile authentication application.
    Code example:
    // User unique identifier
    sAddress is string = Customer.CustomerID + "myaddress@mycompany.com"
    // Generate TOTP key
    sMobileAppKey is ANSI string = TwoFactorAuthenticationGenerateTOTPKey(sAddress)
    // Display the TOTP key in a bar code
    BAC_QR_Autenticator = TwoFactorAuthenticationGenerateLink(sMobileAppKey, ...
    sAddress, "My App")
  • an interface to allow the user to enter the authentication code provided by the authentication application. This interface should include:
    • a 6-digit Edit control.
      Caution, the control must be of type text, because the 6-digit sequence can start with a zero. It is also possible to use six separate controls that accept one number each. The controls then use the "Automatic end of input" option ("Details" tab of the control description window).
    • a Button control, for example, to check the code provided with TwoFactorAuthenticationCheckCode. Here is an example of code:
      sAddress is string = Customer.CustomerID + "myaddress@mycompany.com"
      sMobileAppKey is ANSI string = TwoFactorAuthenticationGenerateTOTPKey(sAddress) // Or stored key
      IF TwoFactorAuthenticationCheckCode(EDT_Code, sMobileAppKey) THEN ...
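The Principle and Implementation steps above rely on the TOTP protocol (RFC 6238). The following Python sketch is an added example, not WLanguage and not PC SOFT code: it shows how a 6-digit, 30-second code is derived from the stored key and why the input must be handled as text. The function names, the SHA-1 choice (the default used by authenticator apps), the clock-drift window and the replay check are assumptions of this example, not documented behavior of TwoFactorAuthenticationCheckCode.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as stated on this page
DIGITS = 6   # code length, as stated on this page
RFC_TEST_KEY = b"12345678901234567890"  # published RFC 6238 test key, not a real secret


def totp(key: bytes, unix_time: int) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Zero-pad: the code is a string of digits, not a number.
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_code(key: bytes, entered: str, unix_time: int,
               last_step: int = -1, drift: int = 1) -> int:
    """Return the matched time step, or -1 if the code is rejected.

    Accepts +/- `drift` steps of clock skew (assumption) and refuses any
    step that is not newer than `last_step`, so a code cannot be replayed.
    """
    entered = entered.strip()
    if len(entered) != DIGITS or not (entered.isascii() and entered.isdigit()):
        return -1
    now_step = unix_time // STEP
    for step in range(now_step - drift, now_step + drift + 1):
        expected = totp(key, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, entered) and step > last_step:
            return step
    return -1


if __name__ == "__main__":
    t = 1111111109                       # RFC 6238 test time
    print(totp(RFC_TEST_KEY, t))         # code starts with a zero
    step = check_code(RFC_TEST_KEY, "081804", t)
    print(check_code(RFC_TEST_KEY, "081804", t, last_step=step))  # replay rejected
```

Persisting the returned step per user and passing it back as `last_step` is what makes each code single-use within its validity period.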
Two-factor authentication management functions
The following WLanguage functions are used to handle two-factor authentication:
  • TwoFactorAuthenticationCheckCode: Verifies the code given by an authentication application.
  • TwoFactorAuthenticationGenerateLink: Generates a link to register an account in an authentication application. When associated with a Bar Code control, this link will show a QR code that can be scanned in the authentication app installed on the phone.
  • TwoFactorAuthenticationGenerateTOTPKey: Generates a TOTP Key for an application user.
Related Examples:
WD Two-factor Authentication Training (WINDEV): WD Two-factor Authentication
This example shows how to use two-factor authentication to secure access to user accounts.
It uses TOTP authentication, which generates a 6-digit code every 30 seconds.
The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)

WW_Two-factor_Authentication Training (WEBDEV): WW_Two-factor_Authentication
This example shows how to use two-factor authentication to secure access to user accounts.
It uses TOTP authentication, which generates a 6-digit code every 30 seconds.
The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)
Minimum version required
  • Version 26
Last update: 06/22/2023