This is a component that allows you to implement two factor authentication using Time based OTP. This can be implemented on apps that use Outsystems internal authentication.
Note: Please download the demo along with the component to see the front end implementation and test it.
Process :
1. Logged in user can enable two factor authentication under My profile section.
2. The user will be presented with a QR code which they can scan using TOTP apps like Google Authenticator or Microsoft Authenticator. The user will have to enter the OTP from the app to confirm setup, The backend will validate the OTP entered to make sure the setup is correct for the logged in user.
OTP from Google Authenticator.
3. Once the 2FA has been setup, Upon login the user will be prompted OTP and will be successfully logged in only when OTP is verified after username and Password.
Technical Details:
The service application provides server actions which takes control of the 2FA process. Please review the login screen and the flow of the demo application which handles the 2FA while logging in. Please note the Issuer and App Name can be configured in the site properties for display on Google Authenticator or Microsoft Authenticator.
Fixed a few issues:
* Leveraging the OutSystems Out of the box Brute force checks and other validations upon user login
* Updating TOTP Key URI format for an issue with Microsoft Authenticator
* Use Username as label on the Authenticator app display