
How-to: Authenticate a user with two-factor authentication #534


Open
jgrandja opened this issue Dec 17, 2021 · 12 comments
Labels
type: documentation A documentation update

Comments

@jgrandja
Collaborator

Publish a guide on How-to: Authenticate a user with two-factor authentication

Related gh-499

@jgrandja jgrandja added the type: enhancement A general enhancement label Dec 17, 2021
@HarunSMetin

@jgrandja Hello. I would like to work on this issue, but this is my first time contributing to an open-source project. Therefore, I need some guidance. Could you please give me more information about this issue?

@jgrandja
Collaborator Author

Thanks for your interest @HarunSMetin.

We're still early in writing the reference documentation and have a few things we need to iron out as far as the format goes. Our plan is to release the initial version in 0.3.0 and then will likely open things up to external contributions at that point.

@schepuri-bisc

Hello, we are looking into supporting two-factor authentication; this guide would be of great help. Any ideas when this would be available? Thanks

@sjohnr
Contributor

sjohnr commented Apr 14, 2022

Hi @schepuri-bisc, I'm glad you have interest in this topic. I do too. However, it's not at the top of the list at the moment, as it's not currently the most up-voted.

I built a sample some time ago that I will eventually use to build this how-to guide. Take a look at this branch. It is based on the mfa sample in spring-security-samples, and I added a nice UI to demonstrate some additional concepts. Hope it helps!

@schepuri-bisc

@sjohnr This is great! The sample is a lot more useful than the how-to guide. Thank you for the quick response.

@ramonmalcolm10

> Hi @schepuri-bisc, I'm glad you have interest in this topic. I do too. However, it's not at the top of the list at the moment, as it's not currently the most up-voted.
>
> I built a sample some time ago that I will eventually use to build this how-to guide. Take a look at this branch. It is based on the mfa sample in spring-security-samples, and I added a nice UI to demonstrate some additional concepts. Hope it helps!

When I followed the mfa sample, I was able to bypass mfa by simply closing the current tab and logging in again from the client application. Can anyone else confirm this behavior, or am I missing something?

@sjohnr
Contributor

sjohnr commented May 22, 2023

> When I followed the mfa sample, I was able to bypass mfa by simply closing the current tab and logging in again from the client application. Can anyone else confirm this behavior, or am I missing something?

Hi @ramonmalcolm10, thanks for your interest and trying out the sample! Yes, unfortunately the sample is incomplete and also on a very out of date branch.

The issue you mention is because this line simply requires any authenticated user (including a partially authenticated one). Once we get closer to finalizing a how-to guide for this, I will revisit the authorization config, but at a minimum the `/oauth2/authorize` endpoint needs to require `hasRole("USER")`. There could be other improvements as well, which is why this issue is still waiting to be tackled.
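
The difference between the two rules in the comment above, as an added example that is not part of the thread or of either sample. It evaluates them with Spring Security's own authorization managers, assuming Spring Security 6.x (`spring-security-core`) on the classpath; the user name and the `ROLE_MFA_PENDING` authority on the first-factor-only token are hypothetical, and the sample's own token type may differ.

```java
import java.util.function.Supplier;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class PartialAuthenticationCheck {

    // The managers behind the authorizeHttpRequests rules
    // .authenticated() and .hasRole("USER").
    static final AuthorizationManager<Object> ANY_AUTHENTICATED =
            AuthenticatedAuthorizationManager.authenticated();
    static final AuthorizationManager<Object> ROLE_USER_ONLY =
            AuthorityAuthorizationManager.hasRole("USER");

    static boolean granted(AuthorizationManager<Object> rule, Authentication auth) {
        Supplier<Authentication> supplier = () -> auth;
        // check(...) is the Spring Security 6.x method (assumed version).
        return rule.check(supplier, "/oauth2/authorize").isGranted();
    }

    public static void main(String[] args) {
        // Assumption: after the password step the user holds an authenticated
        // token that does not yet carry ROLE_USER (hypothetical authority name).
        Authentication firstFactorOnly = UsernamePasswordAuthenticationToken.authenticated(
                "alice", null, AuthorityUtils.createAuthorityList("ROLE_MFA_PENDING"));
        // Assumption: ROLE_USER is granted only once the second factor succeeds.
        Authentication bothFactors = UsernamePasswordAuthenticationToken.authenticated(
                "alice", null, AuthorityUtils.createAuthorityList("ROLE_USER"));

        System.out.println("authenticated(), first factor only: "
                + granted(ANY_AUTHENTICATED, firstFactorOnly));
        System.out.println("hasRole(USER),   first factor only: "
                + granted(ROLE_USER_ONLY, firstFactorOnly));
        System.out.println("hasRole(USER),   both factors:      "
                + granted(ROLE_USER_ONLY, bothFactors));

        // Fail loudly if the role-based rule ever admits the partial token.
        if (granted(ROLE_USER_ONLY, firstFactorOnly) || !granted(ROLE_USER_ONLY, bothFactors)) {
            throw new IllegalStateException("role rule does not separate partial from full login");
        }
    }
}
```

The same comparison works as a regression test for the real filter chain: request the authorization endpoint with a session that has completed only the first factor and assert that access is denied.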

@ramonmalcolm10

Any timeline on this? This feature is critical for me.

@wdkeyser02

I tried to make a working system, based on the Steve Riesenberg code.
The code works but is not quite right yet. Can anyone give me advice on getting everything right?
Github: https://github.com/wdkeyser02/SpringMfaAuthorizationServer/tree/main/SpringMFAAuthorizationServer01

@wdkeyser02

Can you try out the code to this video?
https://www.youtube.com/watch?v=0dSgrhv2nrE&t=28s

Thanks.

@Killian-fal

Hey, I just published a system that seems to work well. I've explained everything in the repo; it allows chaining processes to set up two-factor authentication, but not only that. It works with or without Spring Authorization Server (the system is only connected to Spring Security). It's not based on the Steve Riesenberg code.

Repo link: https://github.com/Killian-fal/mfa-spring-authorization-server

@Lemick

Lemick commented Feb 11, 2025

> Hey, I just published a system that seems to work well. I've explained everything in the repo; it allows chaining processes to set up two-factor authentication, but not only that. It works with or without Spring Authorization Server (the system is only connected to Spring Security). It's not based on the Steve Riesenberg code.
>
> Repo link: https://github.com/Killian-fal/mfa-spring-authorization-server

It's clean and works like a charm, thanks. Spring could ship some filters designed that way, IMO.

8 participants