How to enable two-factor authentication in Laravel Orchid

Alexandr Chernyaev (tabuna)

Two-factor authentication

Two-factor authentication provides your users with additional account security, requiring them to provide a token at login time in addition to their username and password.

Laravel Orchid - what is it?

This is a package for building administration-style applications using the Laravel framework. It is most often used to build back-office applications, admin panels, and content management systems. You can see how it differs from Nova, Voyager, BackPack, and QuickAdminPanel on the description page.

Configuring

By default, the TOTP algorithm is used as the two-factor authentication provider. To enable it, you need to call a static method in the service provider:

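<?php

namespace App\Providers;

use Illuminate\Support\ServiceProvider;
use Orchid\Support\Facades\Dashboard;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap application services.
     */
    public function boot()
    {
        // Turn on two-factor authentication (TOTP by default) for the Orchid panel.
        Dashboard::useTwoFactorAuth();
    }
}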

The login form now adds token validation for accounts at login.

Now let's go to the profile page:

In the settings, select the "Two Factor Authentication" item; a modal window opens:

At this stage, we need an application that supports TOTP, for example, Google Authenticator (available on iOS and Android).

Scan the offered QR code or enter the TOTP secret manually.
The app now generates short temporary codes:

To finish enabling it, enter the code from the phone into the modal window.

Now, when entering the panel, a temporary code will be requested:

That's all. This way we made our application safer. Even if someone obtains the login and password for an account, they will also need physical access to your phone to enter the temporary code.
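What a TOTP provider does on the server when it checks the temporary code from the authenticator app, as an added example following RFC 6238. This is not Orchid's own code: the function names are illustrative, and the secret and timestamps are the RFC 6238 test key and constructed sample values.

```php
<?php
// Decode the base32 secret that the QR code or manual entry carries (RFC 4648).
function base32Decode(string $secret): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($secret, '='))) as $char) {
        $index = strpos($alphabet, $char);
        if ($index === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($index), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) { // drop trailing padding bits
            $bytes .= chr((int) bindec($chunk));
        }
    }
    return $bytes;
}

// RFC 6238: HMAC-SHA1 over the time-step counter, then RFC 4226 dynamic truncation.
function totp(string $key, int $timestamp, int $digits = 6, int $period = 30): string
{
    $counter = pack('J', intdiv($timestamp, $period)); // 64-bit big-endian counter
    $hash = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Accept the current step plus $window steps either side to tolerate clock drift.
// hash_equals() compares in constant time, and every step is always checked.
function verifyTotp(string $key, string $code, int $now, int $window = 1, int $period = 30): bool
{
    $valid = false;
    for ($i = -$window; $i <= $window; $i++) {
        $valid = hash_equals(totp($key, $now + $i * $period, 6, $period), $code) || $valid;
    }
    return $valid;
}

// Constructed demo using the RFC 6238 Appendix B test key ("12345678901234567890").
$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
var_dump(totp($key, 59, 8) === '94287082');           // RFC 6238 test vector for T = 59
$code = totp($key, 1111111109);                        // code the phone would show
var_dump(verifyTotp($key, $code, 1111111109 + 30));   // one step late, inside the window
var_dump(verifyTotp($key, $code, 1111111109 + 90));   // three steps late, outside the window
```

A production verifier also records the last accepted time step per account so that a code cannot be replayed while it is still inside the window.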
