Can I use Google Authenticator with other TOTP apps in Laravel Fortify


Yes, you can use Google Authenticator with other TOTP (Time-based One-Time Password) apps in Laravel Fortify. Fortify uses the `pragmarx/google2fa-laravel` package under the hood to handle TOTP-based two-factor authentication.

The `pragmarx/google2fa-laravel` package is compatible with any TOTP-based authentication app that follows the RFC 6238 standard, including:

- Google Authenticator
- Microsoft Authenticator
- Authy
- FreeOTP
- LastPass Authenticator
- and many others

To integrate other TOTP apps with Fortify, you can follow these steps:

1. Install the `pragmarx/google2fa-laravel` package:

```bash
composer require pragmarx/google2fa-laravel
```

2. Implement the `TwoFactorAuthenticatable` trait in your `User` model:

```php
use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Fortify\TwoFactorAuthenticatable;

class User extends Authenticatable
{
    use TwoFactorAuthenticatable;

    /**
     * Get the user's Google2FA secret.
     *
     * Fortify stores two_factor_secret encrypted, so decrypt it before use.
     *
     * @return string
     */
    public function getGoogleAuthenticatorSecretKey()
    {
        return decrypt($this->two_factor_secret);
    }

    /**
     * Set the user's Google2FA secret (kept encrypted at rest).
     *
     * @param  string  $secret
     * @return void
     */
    public function setGoogleAuthenticatorSecretKey($secret)
    {
        $this->two_factor_secret = encrypt($secret);
    }
}
```

3. Implement the two-factor authentication management UI:

Create a view where users can enable or disable two-factor authentication. This view should make a POST request to the `/user/two-factor-authentication` endpoint to toggle the 2FA setting.

```html
<form method="POST" action="/user/two-factor-authentication">
    @csrf

    @if (auth()->user()->two_factor_secret)
        {{-- Fortify registers the disable route for DELETE, so spoof the method on this POST form --}}
        @method('DELETE')
        <button type="submit" name="disable" class="btn btn-danger">
            Disable Two-Factor Authentication
        </button>
    @else
        <button type="submit" name="enable" class="btn btn-success">
            Enable Two-Factor Authentication
        </button>
    @endif
</form>
```

4. Configure the two-factor authentication in your `FortifyServiceProvider`:

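```php
use Illuminate\Support\ServiceProvider;
use Laravel\Fortify\Fortify;
use PragmaRX\Google2FALaravel\Google2FA;

class FortifyServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Check that your installed Fortify version provides this method before relying on it.
        Fortify::twoFactorAuthentication(function ($request, $user) {
            $google2fa = app(Google2FA::class);

            // Only users who have enabled 2FA have a secret to verify against.
            if ($user->two_factor_secret) {
                $secret = $user->getGoogleAuthenticatorSecretKey();
                // Cast so a missing "code" field is rejected instead of raising a type error.
                $valid = $google2fa->verifyKey($secret, (string) $request->input('code'));

                if ($valid) {
                    return true;
                }
            }

            // Fail closed: no secret or a wrong code means the challenge is not passed.
            return false;
        });

        // View shown when the user is asked for the TOTP code.
        Fortify::twoFactorChallengeView(function () {
            return view('auth.two-factor-challenge');
        });
    }
}
```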

In this example, the `twoFactorAuthentication` method uses the `Google2FA` class to verify the TOTP code entered by the user. The `twoFactorChallengeView` method specifies the view that should be displayed when the user needs to enter the TOTP code.

By following these steps, you can integrate any TOTP-based authentication app, including Google Authenticator, with Laravel Fortify for two-factor authentication in your application.
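The reason any RFC 6238 app works is that every app derives the code from the same shared secret and the current time. The following plain-PHP sketch is an added example, not Fortify's or `pragmarx/google2fa-laravel`'s own code; the function names are illustrative, and it assumes HMAC-SHA1, 30-second steps and 6 digits, the defaults most authenticator apps use.

```php
<?php
/** Decode an RFC 4648 base32 string (the secret format authenticator apps import). */
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $char) {
        $pos = strpos($alphabet, $char);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {                      // drop a trailing partial byte
            $bytes .= chr(bindec($byte));
        }
    }
    return $bytes;
}

/** Compute the TOTP for a Unix timestamp (HMAC-SHA1, dynamic truncation). */
function totp(string $key, int $timestamp, int $digits = 6, int $step = 30): string
{
    $counter = pack('J', intdiv($timestamp, $step));    // 8-byte big-endian time step
    $hash = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hash[19]) & 0x0F;                    // low nibble of the last byte
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

/** Accept codes from adjacent time steps to tolerate clock drift. */
function verifyTotp(string $key, string $code, int $now, int $window = 1): bool
{
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals() compares in constant time; every step is always checked.
        $ok = hash_equals(totp($key, $now + $i * 30), $code) || $ok;
    }
    return $ok;
}

// RFC 6238 Appendix B test key (ASCII "12345678901234567890"), base32-encoded.
$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
var_dump(totp($key, 59) === '287082');          // RFC test vector at T = 59 s
var_dump(verifyTotp($key, '287082', 59 + 30));  // one step old: still accepted
var_dump(verifyTotp($key, '287082', 59 + 90));  // three steps old: rejected
```

A larger `$window` tolerates more clock drift but lengthens the time an intercepted code stays valid, so keep it as small as your users' devices allow.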
