This repository was archived by the owner on Dec 2, 2021. It is now read-only.
Resources/doc/api.md
26 additions & 4 deletions
@@ -10,6 +10,13 @@ To make two-factor authentication work in an API, your **API has to be stateful*
10
10
session which is passed by the client on every call. The session is necessary for two-factor authentication to store the
11
11
state of the login - if the user has already completed two-factor authentication or not.
12
12
13
+
If you use a custom authenticator (you may have followed Symfony's guide
14
+
[Custom Authentication System with Guard (API Token Example)](https://symfony.com/doc/current/security/guard_authentication.html)),
15
+
please make sure your authenticator doesn't authenticate on every request, but only when the
16
+
authentication route is called. For an example, have a look at the
17
+
[Avoid Authenticating the Browser on Every Request](https://symfony.com/doc/current/security/guard_authentication.html#avoid-authenticating-the-browser-on-every-request)
18
+
section in the Symfony guide.
19
+
13
20
## Setup
14
21
15
22
ℹ️ For simplicity of this guide, it is assumed that you're building a JSON API and you're using the `json_login`
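Review bot: The added paragraph (new lines 13-19) tells readers that a custom authenticator must authenticate only when the authentication route is called, but it never says what goes wrong otherwise. The context just above explains that the session stores whether the user has already completed two-factor authentication, so one more sentence should connect the two: state what happens to that stored login state when the authenticator runs on every request, so readers can judge whether their own authenticator is affected. Both links also point at symfony.com/doc/current/, which tracks whichever Symfony version is current at read time; consider a versioned docs URL so the `#avoid-authenticating-the-browser-on-every-request` anchor keeps resolving.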
@@ -23,6 +30,21 @@ You need to implement 4 classes:
23
30
3) A custom success handler for the two-factor authentication
24
31
4) A custom failure handler for the two-factor authentication
25
32
33
+
### Configuration
34
+
35
+
Please make sure the following configuration options are set on your firewall:
36
+
37
+
```
38
+
# config/packages/security.yaml
39
+
security:
40
+
firewalls:
41
+
your_firewall_name:
42
+
# ...
43
+
two_factor:
44
+
prepare_on_login: true
45
+
prepare_on_access_denied: true
46
+
```
47
+
26
48
### 1) Response on login
27
49
28
50
This first response is returned after the user logged in. Without two-factor authentication, it would either return
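Review bot: The new Configuration section (new lines 33-46) sets `prepare_on_login: true` and `prepare_on_access_denied: true` without saying what either option does or why an API setup needs it, so a reader cannot tell what breaks if one is left off or later switched back. Add a sentence per option explaining its effect. The fence opened at new line 37 also has no language tag, while the PHP example further down in this file is opened with a php-tagged fence; tagging this one as yaml would be consistent.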
@@ -74,7 +96,7 @@ security:
74
96
75
97
### 2) Response to require two-factor authentication
76
98
77
-
Configure a response that is returned when the user requests a path, but it is not accessible (yet), because the user
99
+
You need a response that is returned when the user requests a path, but it is not accessible (yet), because the user
78
100
has to complete two-factor authentication first. This could be the same as your "access denied" response.
79
101
80
102
Create a class which implements `Scheb\TwoFactorBundle\Security\Http\Authentication\AuthenticationRequiredHandlerInterface`
@@ -114,8 +136,8 @@ security:
114
136
115
137
### 3) Response when two-factor authentication was successful
116
138
117
-
Configure a response that is returned when two-factor authentication was completed successfully and the user is now
118
-
fully authentication. Implement another success handler for it:
139
+
You need a response that is returned when two-factor authentication was completed successfully and the user is now
140
+
fully authenticated. Implement another success handler for it:
119
141
120
142
```php
121
143
<?php
@@ -151,7 +173,7 @@ security:
151
173
152
174
### 4) Response when two-factor authentication failed
153
175
154
-
Configure a response that is returned when two-factor authentication was tried, but authentication failed for some
176
+
You need a response that is returned when two-factor authentication was tried, but authentication failed for some