Laravel 8 Fortify - 2FA only when the user logs in from a new device

Question

I am implementing two-factor authentication (2FA) in my Laravel 8 application.

The 2FA is applied every time the user logs in. However, I don't really feel that 2FA is necessary every time, I even find it annoying. As a solution I am thinking of applying it only when the user connects from a new device. Is there someone who has already done it or who can give me a hint of the changes that would be necessary?

Answer 1

According to this line: https://github.com/laravel/fortify/blob/82c99b6999f7e89f402cfd7eb4074e619382b3b7/src/Http/Controllers/AuthenticatedSessionController.php#L80

you can create a pipelines.login entry in your fortify config file.

The solution would be to:

• create the config entry
• copy the pipeline setup in the above file, line 84.
• create a custom AttemptToAuthenticate class, make sure the pipeline config points to your new class.
• make the new class extend the default fortify AttemptToAuthenticate class.
• overwrite the handle function, add your logic in the new function, where you check for a cookie on the device.