
I am developing a Symfony API application with two-step authentication. The first step is a json_login form with username and password, and the second step is an OTP sent through an SMS service. After json_login succeeds, the json_login authenticator has to create a JWT, because I use tokens instead of PHP sessions. This is configured in the security.yaml file with the stateless: true option.

# security.yaml
stateless: true
json_login:
    check_path: app_login
    username_path: email
    password_path: password

It is possible to create many different authenticators and firewalls with the Symfony Framework. In the first step (json_login), the user is authenticated and is authorized to access the whole system. However, the user must have access to the entire system after the OTP step. Which method can I use for two-factor authentication?

1 Answer

Here are some tips that have helped me in the past:

After the implementation of these bricks, you need to add the business logic of your API.

2 Comments

I have to configure the 2fa bundle for JWT. I can't use external user systems like Twilio for security reasons. I will share the results of my work. Thanks @Mahefa
Thanks @karatas.hakan
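
One way to keep the password step from granting full access in a stateless setup, as an added example (not code from the question or the answer, and not the API of Symfony or of any bundle): json_login issues a short-lived JWT carrying a hypothetical `stage` claim set to `otp_pending`, which only the OTP endpoint accepts, and the full-access token is issued after the SMS code is verified. The claim name, its values, the key and the lifetimes are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed demo secret; the "stage" claim and its values are assumptions.
const KEY = 'constructed-demo-key-change-me';

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build an HS256-signed JWT that records which authentication stage was completed.
function issueToken(string $user, string $stage, int $ttl, int $now): string
{
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $user, 'stage' => $stage, 'exp' => $now + $ttl]));
    $sig  = b64url(hash_hmac('sha256', "$head.$body", KEY, true));
    return "$head.$body.$sig";
}

// Return the claims only if signature, expiry and the required stage all match.
function acceptToken(string $jwt, string $requiredStage, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$head, $body, $sig] = $parts;
    // The MAC is always recomputed as HS256; the header's "alg" is never trusted.
    $expected = b64url(hash_hmac('sha256', "$head.$body", KEY, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['exp'] ?? 0) <= $now) {
        return null;
    }
    return ($claims['stage'] ?? null) === $requiredStage ? $claims : null;
}

$now = time();
$pending = issueToken('user@example.com', 'otp_pending', 300, $now); // issued by the password step
var_dump(acceptToken($pending, 'full', $now) === null);        // protected routes refuse the pending token
var_dump(acceptToken($pending, 'otp_pending', $now) !== null); // the OTP check route accepts it
$full = issueToken('user@example.com', 'full', 3600, $now);    // issued once the SMS code is verified
var_dump(acceptToken($full, 'full', $now) !== null);           // protected routes accept the full token
```

Because the stage is inside the signed payload, a client cannot upgrade a pending token by editing it, and the short lifetime bounds how long a stolen password-only token can be replayed against the OTP endpoint.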
