
Two factor auth with Ruby (through devise)

I'm going to add two factor auth to my Ruby app. I need a really simple implementation of it with simple use cases:

  • ability to generate and send codes by SMS or email (meaning, I don't want to be attached to Google Authenticator with this);

  • ability to show a login-password form first, and then a form for the code (just like GitHub does now).

Does not sound like rocket science yet. But somehow I'm stuck.

So my question is: did anybody try to implement this, and if so what strategy did you use to accomplish this?


I've tried using the devise-two-factor gem which is described as "Barebones two-factor authentication with Devise".

Under the hood it authenticates the user with login+password+code (all at the same time). But in my use case I want the user to enter login+password first (with form posting), then send the code to the user, and have the user enter the code afterwards, on the next screen.

The only solution I found is to store the login and password in a session (sic!) and use them to authenticate the user after he has entered a 2-factor code. I'm not really feeling too confident about this strategy.

sheepwalker asked Jun 21 '26 04:06


1 Answer

devise-two-factor is opinionated on how your login should work. I think you're better off using the ROTP gem directly (which devise-two-factor uses) and implementing a custom solution.

Rafe answered Jun 23 '26 01:06
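One way to build the two-screen flow without keeping the password in the session, as an added example that is not part of the original question or answer: after the password check, the session holds only the user id, a keyed hash of the emailed or texted code, an expiry and an attempt counter. It uses Ruby's standard library instead of ROTP, the class and constant names are hypothetical, and `session` is assumed to be backed by a server-side store (with a cookie-only store, replaying an older cookie would reset the attempt counter).

```ruby
require "openssl"
require "securerandom"

# Added example. PendingTwoFactor, CODE_TTL and MAX_ATTEMPTS are hypothetical names.
class PendingTwoFactor
  CODE_TTL = 300     # seconds a code stays valid (assumed value)
  MAX_ATTEMPTS = 5   # wrong guesses allowed per challenge (assumed value)
  KEYS = %i[otp_user_id otp_digest otp_expires_at otp_attempts].freeze

  def initialize(secret_key)
    @key = secret_key # server-side secret used to key the HMAC
  end

  # Step 1: call only after login+password were verified. Returns the code to send.
  def start(session, user_id, now: Time.now)
    code = format("%06d", SecureRandom.random_number(1_000_000))
    session[:otp_user_id] = user_id
    session[:otp_digest] = digest(user_id, code) # keyed hash, never the code itself
    session[:otp_expires_at] = now.to_i + CODE_TTL
    session[:otp_attempts] = 0
    code
  end

  # Step 2: returns the user id on success, nil otherwise.
  def verify(session, submitted, now: Time.now)
    return nil unless session[:otp_user_id]
    if now.to_i > session[:otp_expires_at] || session[:otp_attempts] >= MAX_ATTEMPTS
      clear(session) # expired or locked out: user must log in again
      return nil
    end
    session[:otp_attempts] += 1
    actual = digest(session[:otp_user_id], submitted.to_s)
    return nil unless OpenSSL.secure_compare(session[:otp_digest], actual)
    user_id = session[:otp_user_id]
    clear(session) # one-time use
    user_id
  end

  private

  def digest(user_id, code)
    OpenSSL::HMAC.hexdigest("SHA256", @key, "#{user_id}:#{code}")
  end

  def clear(session)
    KEYS.each { |k| session.delete(k) }
  end
end
```

The user is signed in (for example with Devise's `sign_in`) only when `verify` returns a user id; until then the request is treated as unauthenticated.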


