- Overview
- How to proceed?
- Principle
- Implementation
- Two-factor authentication functions
Integrate two-factor authentication into your applications
From version 26 onwards, WINDEV, WEBDEV and WINDEV Mobile allow you to set up two-factor authentication at login. You can set up two-factor authentication via a standard authentication application (Google Authenticator, Microsoft Authenticator or other). This application, to be downloaded on a mobile phone, returns a personal code on demand (valid for 30 seconds) that must be entered at login (TOTP protocol).
Principle
Here is how it works:
- The application or site with two-factor authentication requires the following elements:
  - the username/password pair
  - a specific identifier, generated by an authentication application installed on the mobile phone.
- The first time the user tries to log in via two-factor authentication, the application or site generates a code (possibly displayed as a QR code). This code is a TOTP key that must be stored: the QR code (or the corresponding code) must be stored in the authentication application on the phone. The authentication application then provides the user with an authentication code that must be used in the application or site to validate the connection.
- On subsequent login attempts, the user will have to enter the code provided by the authentication application. This code is different each time and is valid for a limited period of time.
Implementation
To implement two-factor authentication in an application, you should create:
- an interface for the first login attempt, to display the code and/or QR code required by the authentication application. To do so:
  - generate the TOTP key (TwoFactorAuthenticationGenerateTOTPKey). This key must be registered in the WINDEV application, WINDEV Mobile application or WEBDEV site, for the user.
  - display the bar code needed to register the application/site in the mobile authentication application (TwoFactorAuthenticationGenerateLink).
    Remark: This step is optional. You can also provide the TOTP key directly to the user, who will then enter the key in the mobile authentication application.
Code example:
// Identifier for this user: client ID concatenated with an e-mail address
sAdresse is string = Client.IDClient + "monadresse@masociete.com"
// Generate the TOTP key for this identifier
sCléAppliMobile is string ANSI = TwoFactorAuthenticationGenerateTOTPKey(sAdresse)
// Display the registration link as a bar code (QR code) to scan with the authentication application
CBA_QR_Autentificator = TwoFactorAuthenticationGenerateLink(sCléAppliMobile, ...
sAdresse, "Mon Appli")
- an interface to allow the user to enter the authentication code provided by the authentication application. This interface should include:
  - a 6-digit Edit control.
    Caution: the control must be of type text, because the 6-digit sequence can start with a zero. It is also possible to use six separate controls that accept one digit each. The controls then use the "Automatic end of input" option ("Details" tab of the control description window).
  - a Button control, for example, to check the code provided with TwoFactorAuthenticationCheckCode.
Here is an example of code:
// Same identifier and TOTP key as in the first-login interface
sAdresse is string = Client.IDClient + "monadresse@masociete.com"
sCléAppliMobile is string ANSI = TwoFactorAuthenticationGenerateTOTPKey(sAdresse)
// SAI_Code: text Edit control holding the 6-digit code entered by the user
IF TwoFactorAuthenticationCheckCode(SAI_Code, sCléAppliMobile) THEN ...
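
The TOTP computation behind the 6-digit code and its check, following RFC 6238 with HMAC-SHA1, as an added Python example. It is not PC SOFT code and does not show how TwoFactorAuthenticationCheckCode works internally; the function names, the one-step drift tolerance and the sample key (the RFC 6238 test key) are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds a code stays valid, as stated on the page
DIGITS = 6   # code length, as stated on the page

# Constructed sample: the published RFC 6238 test key, not a real user key.
KEY = b"12345678901234567890"


def totp(key: bytes, unix_time: int) -> str:
    """Return the TOTP code for unix_time as a zero-padded 6-character string."""
    counter = struct.pack(">Q", unix_time // STEP)      # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # The code is text: converting it to an integer would drop a leading zero.
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def check_code(key: bytes, entered: str, unix_time: int, drift: int = 1) -> bool:
    """Accept the code of the current step, or of `drift` steps before/after."""
    entered = entered.strip()
    if len(entered) != DIGITS or not (entered.isascii() and entered.isdigit()):
        return False
    ok = False
    for delta in range(-drift, drift + 1):
        t = unix_time + delta * STEP
        if t < 0:
            continue
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(totp(key, t), entered)
    return ok


if __name__ == "__main__":
    now = 1111111109                              # RFC 6238 test time
    print(totp(KEY, now))                         # code starting with a zero
    print(check_code(KEY, "081804", now))         # entered as text: accepted
    print(check_code(KEY, str(int("081804")), now))  # zero lost as integer: rejected
```

A code that passes the check stays valid for the rest of its time step, so a server-side check normally also records the last accepted step per user and refuses to accept it twice.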
Two-factor authentication functions
The following WLanguage functions are used to handle two-factor authentication:
Related Examples:
- Training (WINDEV): WD Two-factor Authentication
  This example shows how to use two-factor authentication to secure access to user accounts. It uses TOTP authentication, which generates a 6-digit code every 30 seconds. The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)
- Training (WEBDEV): WW_Two-factor_Authentication
  This example shows how to use two-factor authentication to secure access to user accounts. It uses TOTP authentication, which generates a 6-digit code every 30 seconds. The code is generated by all Authenticators that use TOTP (Google, Microsoft, etc.)