Apiato 2FA Container
This container manages two-factor authentication (2FA) using any app like Google Authenticator.
Only works in an existing Apiato application.
Read more about the Apiato container installer in the docs!
composer require elshaden/apiato-mfa
use HasMfaKeyTrait
Add the use HasMfaKeyTrait in the User Model or Any Other Model you want to use it with
Migrate the table 'otp_keys'
and you are ready to go
Check Config File in Configs Dir for any changes
$user->HasOtp();
This will return the full record of the Otp Key.
object // MfaKey
id // Hashed MfaKey Id
mfable_id
mfable_type
code // Base64 MfaKey Code
qr_code // QR Code Image
created_at
updated_at
$user->CreateMfaKey();
This will return the otp_keys record created, with the OTP key (Base64 TOTP key), the QR code in the form of a Base64 image, and the user id.
$user->UpdateKey();
This will regenerate the key and update the record.
$user->ValidateKey($Code, $slots =1); // The code must be the six digits in the Authenticator
$user->GenerateCode();
This will generate a 6-digit code based on the user token. At any given time the code should match the one shown by any authenticator app, such as Google Authenticator.
If you specify the class parameter in any call, the action is taken on the class specified. Classes must be set in the config file; for example, Customer must be specified in the config file. If you do not specify any class, the action is made on the default class, mostly User.
Endpoint | Method | Parameters | Usage | Response |
---|---|---|---|---|
/mfakeys | POST | id, (optional) class | Creates new user token | int "id", string "code", image "qr_code" |
/validate-mfa | POST | id, pin, slots, class | Validates 6-digit pin | bool "result" |
/generate-pin/{id}/{class?} | GET | | Generates 6-digit pin | int "code" |
/mfakeys/{id}/{class?} | PATCH | | Creates new Mfa and revokes the old one | int "code" |
In addition, there are endpoints to find, delete and update the OtpToken for any user.
Note: when validating the OTP in validate-mfa, slots means the key is also validated for past minutes.
A one-minute slot equals two 30-second slots, meaning the number can change once and the pin can still be valid.
The longer the period, the more time it takes to check validity, so please try to be conservative.
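
How a slots window widens what a TOTP check accepts, shown as an added example that is not the package's own code: a standard RFC 6238 check (HMAC-SHA1, 30-second steps, 6 digits). It assumes the secret is raw bytes and that each slot is one past 30-second step; `totp()` and `validateWithSlots()` are hypothetical names, and the package's own slot mapping may differ.

```php
<?php
// Added illustration; not the package's code. RFC 6238 TOTP: HMAC-SHA1, 30 s step, 6 digits.

function totp(string $secret, int $time, int $step = 30, int $digits = 6): string
{
    // Moving factor: number of whole steps since the Unix epoch, as 8 bytes big-endian.
    $msg  = pack('J', intdiv($time, $step));
    $hash = hash_hmac('sha1', $msg, $secret, true);

    // Dynamic truncation (RFC 4226): low nibble of the last byte selects a 4-byte window.
    $offset = ord($hash[19]) & 0x0f;
    $value  = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;

    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns how many steps old the matching pin is, or null if nothing matched.
// Assumption: each slot is one past 30-second step.
function validateWithSlots(string $secret, string $pin, int $slots, int $now): ?int
{
    $age = null;
    for ($i = 0; $i <= $slots; $i++) {
        // Each extra slot is one more HMAC per attempt and 30 more seconds of replay window.
        $candidate = totp($secret, $now - 30 * $i);
        if ($age === null && hash_equals($candidate, $pin)) {
            $age = $i; // no early return, so the work done does not depend on which slot hit
        }
    }
    return $age;
}

// Constructed sample input: the RFC 6238 test key and a fixed clock.
$secret = '12345678901234567890';
$issued = 59;
$pin    = totp($secret, $issued);

foreach ([0, 1, 2] as $slots) {
    $age = validateWithSlots($secret, $pin, $slots, $issued + 45);
    printf("slots=%d: %s\n", $slots, $age === null ? 'rejected' : "accepted ($age steps old)");
}
```

The same pin, checked 45 seconds after it was generated, is only accepted once the window reaches back far enough, which is why a small slots value limits how long an observed pin stays usable.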