David P

Adding MFA with an Authenticator application


Hello

 

Has anyone added MFA support using authenticator apps for their application?  Any resources greatly received.

 

Thanks

 

D

Posted (edited)
2 hours ago, David P said:

Has anyone added MFA support using authenticator apps for their application?  Any resources greatly received.

dzOTP
Tool to test OneTimePad tokens generated by the FreeOTP Android App

 

That was a long time ago, so I don't really remember how exactly this worked.

Edited by dummzeuch


Thanks for that.  I've added OTP support already, but wish to add the use of authenticator apps like MS/Google Authenticator but there's not a lot of info out there.


For those that may be searching for this in the future:

 

You need to assemble a URL and display it as a QR code so it can be scanned by an authenticator application.  The format is given here:

 

                https://github.com/google/google-authenticator/wiki/Key-Uri-Format   

 

I use this string and substitute in my values.

 

   otpauth://totp/[COMPANY]:[ACCOUNT]?secret=[SECRET]&issuer=[ISSUER]&algorithm=[ALGO]&digits=[DIGITS]&period=[PERIOD]

 

You then display it as a QR code for the user to add to their authenticator application.  I found that whatever time period I entered into the URL (30sec, 60sec etc), the authenticator applications always defaulted to 30 seconds.  This means your TOTP checking code also needs to use a 30s window.

Edited by David P
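
An added example, not code from any poster in this thread: a server-side sketch that builds the otpauth URL described above and checks submitted codes against a fixed 30-second step. The function names, the SHA1/6-digit defaults, the one-step drift allowance and the sample issuer and account are assumptions; the secret is the published RFC 6238 test key, not a real one.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import quote, urlencode

PERIOD = 30   # fixed: the post above found apps use 30 s whatever the URL says
DIGITS = 6    # assumed default

def build_otpauth_uri(issuer, account, secret_b32):
    """Assemble the URL that gets rendered as a QR code for enrolment."""
    # Issuer and account are escaped separately so the ':' separator stays literal.
    label = f"{quote(issuer, safe='')}:{quote(account, safe='')}"
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": "SHA1", "digits": DIGITS,
                       "period": PERIOD}, quote_via=quote)
    return f"otpauth://totp/{label}?{query}"

def totp(secret_b32, unix_time, digits=DIGITS, period=PERIOD):
    """HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, unix_time=None, drift_steps=1):
    """Accept the current step plus/minus drift_steps, comparing in constant time."""
    now = time.time() if unix_time is None else unix_time
    submitted = str(code).encode()
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, now + step * PERIOD).encode()
        ok |= hmac.compare_digest(expected, submitted)  # no early exit
    return ok

# Constructed sample input: Base32 of the RFC 6238 SHA-1 test key.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(build_otpauth_uri("Example Co", "alice@example.com", SAMPLE_SECRET))
    print(totp(SAMPLE_SECRET, 59), verify(SAMPLE_SECRET, "287082", 59))
```

In production the secret would come from a CSPRNG per user, and each accepted time step should be recorded so a code cannot be replayed within its validity window.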
