https://discord.umbraco.com logo
Join Discord
Powered by
2FA in V14 Thread
# package-development
w
Question: The 2FA tutorial is great for V14 (honestly surprised to see it in the docs, so kudos to all there) Couple of thoughts feedback ๐Ÿงต
* The extensions table/insights would have been good to list out the 
MFA Login Provider
type to help with discoverability & DX & any other extensions types that exist but have nothing registered would still be useful to have in that dropdown IMO
Would be good for discoverabilty & DX if the MFA Login Provider was listed in the Extension Insights along with any other extension types regardless if they have anything registered for them. Means I could have stumbled across it, discovered the extension point and looked to docs, google or take a stab at implementing one myself etc..
The other thing is that this is so generic boilerplate code from the tutorial that surely this just makes sense to be part of the core or to be a small package from HQ so that people can simply just choose to install it, as the only real configuration needed is to give it a nice name for QR code scanned in by an authenticator app. Thoughts @Jacob Overgaard @Ronald Barendse (Mr Packages & DXP)
j
Hey Warren, can you link to the doc?
w
Yep sure can
j
Thanks for that! I'm sure I could have searched and found it but it's nice to have it here for anyone else who's peeking into the thread
w
Yeh of course and still docs site is fiddly to know if the article has been updated for V14 and using the search. So its a bit of a gamble atm
j
Agree, could have been a package. But then again, not all providers use QR codes, and not all providers require an input field on the login screen. We managed to clean up quite a bit from V13 actually, as you had to install even more (angularjs) views to configure everything. Now we ship default components for the QR code setup and buttons.
w
Yep I saw - but with the provided tutorial its a QR code and would be fine for most IMO. Only if you have specific requirements with a 2FA provider and if you use a different login provider such as Azure AD/Entra or others then the 2FA is done inside their systems. So I doubt many will ship other 2FA customisations IMO, but curious to know/see if there is though.
j
Yeah, but how you configure 2fa on Github or azure or whatever belongs to the "external login provider" feature, which could certainly also make good use of a package
maybe you have enough for two packages here ๐Ÿ™‚
Anyway, would be interesting to see an MFA implementation that actually uses something else than a code field, for example an app or a link in an email or, or, or...
w
But you do the 2FA on GitHub's or Azure servers not back on the CMS 
/umbraco
j
Umbraco also has 2FA built-in without needing external login. In that case, you do it directly on the login screen.
...but that kind of 2FA doesn't need to be a 4-6 digit code. That's why the view is configurable because we don't know what your provider supports, for example Google Authenticator will always be a 6-digit code, but you may have something in-house that requires clicking a link or something else.
w
Said package for anyone else reading thread https://marketplace.umbraco.com/package/umbraco.community.user2fa
5 Views
PreviousNext
Powered by