"I'm looking for a function to use in my app to check whether a user is already paired with the authenticator. In other words, I want to check if the username and secret are not already linked, and if they are not, display a QR code for pairing. If they are already linked, then perform another action."
Replies: 1 comment
When you "pair" a user, you store the secret with the user. So if a user has a secret, (s)he has 2FA enabled (or "paired"). If the user has no secret then (s)he hasn't enabled (or "paired") 2FA.
The QR you show is always for pairing. You then confirm the code generated by the user's app by having them enter the TOTP code, and if that is correct you store the secret (which is the "pairing"). From then on, you never need to show a QR again, you just ask for the TOTP code on login each time.
Where / how you store the secret is up to you, but if your user is stored in, say, a `users` table then add a `totp_secret` field or something to the `users` table and have it nullable. Then, `null` means "not …
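
The flow described in the reply above, as an added example that is not part of the original reply or of any library's code: a nullable `totp_secret` column decides between "show QR" and "ask for code", and the secret is written only after a code has been verified. The function names, the in-memory SQLite table and the standard-library RFC 6238 implementation are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, sqlite3, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    # RFC 6238 TOTP with HMAC-SHA1, computed for the time step containing `at`.
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(base64.b32decode(secret_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at=None, window=1):
    # Accept the current step and one step either side to tolerate clock drift.
    now = time.time() if at is None else at
    return any(hmac.compare_digest(totp(secret_b32, now + i * 30).encode(), code.encode())
               for i in range(-window, window + 1))

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, totp_secret TEXT NULL)")
    db.execute("INSERT INTO users (username) VALUES ('alice')")  # constructed sample user
    return db

def stored_secret(db, username):
    row = db.execute("SELECT totp_secret FROM users WHERE username = ?", (username,)).fetchone()
    return row[0] if row else None

def is_paired(db, username):
    # NULL secret means not paired: show the QR. Otherwise ask for a TOTP code.
    return stored_secret(db, username) is not None

def new_pending_secret():
    # Encoded in the QR code; kept server-side (e.g. in the session) until confirmed.
    return base64.b32encode(secrets.token_bytes(20)).decode()

def confirm_pairing(db, username, pending_secret, code, at=None):
    # Store the secret only after the user's app has produced a valid code for it.
    if not verify(pending_secret, code, at):
        return False
    cur = db.execute("UPDATE users SET totp_secret = ? WHERE username = ? AND totp_secret IS NULL",
                     (pending_secret, username))
    return cur.rowcount == 1  # fails for unknown users and for already-paired users

def check_login_code(db, username, code, at=None):
    secret = stored_secret(db, username)
    return secret is not None and verify(secret, code, at)
```
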