2FA #57
Replies: 4 comments 5 replies
-
|
Being mounted up on Lucia would virtually be possible, but also would require a rework of the authentication patterns. But to be honest this project was aiming to be simple in origin. I could put a toggle for 2FA, but that would require an estensive setup 🤔 |
Beta Was this translation helpful? Give feedback.
-
|
Ah I see, at least it has authentication which is primarily why I use this over shlink or others. Hopefully exposing it online doesn't hurt if just running on a vps. Hopefully this can be implemented later on. |
Beta Was this translation helpful? Give feedback.
-
|
Let me find some time to think about this. I had the idea to keep it simple, I may find a way |
Beta Was this translation helpful? Give feedback.
-
|
i'm looking on 2fa guidelines and the copenhagen book for authentications. meanwhile shouldn't be possible to choose which path authelia would cover in policies? (like /path protected /other-path unsafe?) that way it would be possible to just lock /auth to disable signin/up, and it would need first authelia auth, and then simple login. BUT it is an overlay, not a solution, i agree already |
Beta Was this translation helpful? Give feedback.
-
|
Yeah that would work, I guess I never really went down that path since I would have a double login. |
Beta Was this translation helpful? Give feedback.
-
|
I think I can try to fork the project and create an ad hoc version with keycloak / authelia integration, but i have to take some time to check it |
Beta Was this translation helpful? Give feedback.
-
|
ah ok, would defienitly check it out. For now, I'm going to try the approach you suggested, double login isn't as bad now that I think about it to ensure the env doesn't get exposed to bad actors. for now this can be low priority as things to look forward to later on. |
Beta Was this translation helpful? Give feedback.
-
|
Ok i actually managed to put 2FA following copenhagen book as OTP and authenticator reliant, so it would need your favorite authenticator to login IF said setting is enabled (via ui, env, etc). So at least for that we are good, i'll see tags tomorrow :) |
Beta Was this translation helpful? Give feedback.
-
|
Great to hear brother! Can't wait to enable it. Really appreciate it. |
Beta Was this translation helpful? Give feedback.
-
Any way to add 2FA easily? It would be nice to open have this as a service online but not having 2FA makes so it could be vulnerable. I have added authelia in front but even shortcodes require 2fa using that method which makes it not viable.
Beta Was this translation helpful? Give feedback.
All reactions