Two-factor authentication in Laravel
Two-factor authentication adds an extra layer of protection to your website’s user accounts, letting your users protect their accounts from unauthorized access. Many providers offer such services. In this post, we will use Authy, which provides a very robust API for implementing two-factor authentication. You can find API documentation for Authy here.
First, you must install Composer and create a new Laravel application.
Installation
- Use the following command to install:
    composer require srmklive/authy
- Add the following to the $providers array in config/app.php:
    'Srmklive\Authy\Providers\AuthyServiceProvider', // Laravel 5
    Srmklive\Authy\Providers\AuthyServiceProvider::class, // Laravel 5.1 or greater
- Add the following to the $aliases array in config/app.php:
    'Authy' => 'Srmklive\Authy\Facades\Authy', // Laravel 5
    'Authy' => Srmklive\Authy\Facades\Authy::class, // Laravel 5.1 or greater
- Publish the configuration:
    php artisan vendor:publish
- Migrate the user table changes to the database:
    php artisan migrate
- Add the following lines to the User model (e.g. App\User.php)
- Before the class declaration, add these lines:
    use Srmklive\Authy\Auth\TwoFactor\Authenticatable as TwoFactorAuthenticatable;
    use Srmklive\Authy\Contracts\Auth\TwoFactor\Authenticatable as TwoFactorAuthenticatableContract;
- Now change the class declaration. For example, if your class declaration is
    class User extends Model implements AuthenticatableContract,
        AuthorizableContract,
        CanResetPasswordContract
to this:
    class User extends Model implements AuthenticatableContract,
        AuthorizableContract,
        CanResetPasswordContract,
        TwoFactorAuthenticatableContract
- Now change the line that imports traits in the User model file accordingly. For example, if the line is:
    use Authenticatable, Authorizable, CanResetPassword;
change it to:
    use Authorizable, CanResetPassword, TwoFactorAuthenticatable;
- Lastly, add or update the $hidden variable so that the ‘two_factor_options’ field is hidden whenever user details are returned from the model:
    protected $hidden = [
        'two_factor_options'
    ];
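Putting the model steps above together, as an added example that is not from the original post or the package: a complete User model for a stock Laravel 5.1 application. The namespace, $table, $fillable and the existing 'password' and 'remember_token' entries in $hidden are assumptions based on Laravel's default model; 'two_factor_options' is appended to $hidden rather than replacing the entries already there, so the password hash and remember token stay out of serialized output.

```php
<?php

namespace App; // assumption: default Laravel 5.1 application namespace

use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Foundation\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;
// Added for two-factor authentication (step "Before the class declaration").
use Srmklive\Authy\Auth\TwoFactor\Authenticatable as TwoFactorAuthenticatable;
use Srmklive\Authy\Contracts\Auth\TwoFactor\Authenticatable as TwoFactorAuthenticatableContract;

class User extends Model implements AuthenticatableContract,
    AuthorizableContract,
    CanResetPasswordContract,
    TwoFactorAuthenticatableContract
{
    // TwoFactorAuthenticatable takes the place of the stock Authenticatable
    // trait, as in the trait line shown in the steps above.
    use Authorizable, CanResetPassword, TwoFactorAuthenticatable;

    // Assumption: default table and mass-assignable columns.
    protected $table = 'users';

    protected $fillable = ['name', 'email', 'password'];

    // Attributes left out of toArray()/toJson() output. Keep the existing
    // entries and append the two-factor column; overwriting the array with
    // only 'two_factor_options' would expose the password hash and
    // remember token in serialized user data.
    protected $hidden = [
        'password',
        'remember_token',
        'two_factor_options',
    ];
}
```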
Implementation
You can view further documentation for this plugin here.
I have also implemented it in a sample Laravel application. You can view installation instructions here. Through this application, you can:
- User login & registration.
- Enable/Disable two-factor authentication for a user.
The following are the download links for the Laravel demo application with two-factor authentication: