Authentication libraries: Two factor auth support
#1
Question 

Hey Guys,

I'm currently looking for a good Authentication library with Two factor authentication. 


My main goal is having 2 separate User tables, one for Admins (containing a max of 5-6 users) and another with regular users containing a few thousand users. This is due to the GDPR regulation point of view.

So I will have two different tables (different structure) and also two different login systems.

I've looked at ION-auth, which looks great but lacks support for two factor auth (it has a branch with Google Authenticator last updated 2y ago, so a bit old).

https://github.com/biscofil/CodeIgniter-Ion-Auth


The second library that I've looked at was Aauth, which offers built-in two factor auth with Google Authenticator. And as far as I can tell, it seems to have decent security measures.

https://github.com/emreakay/CodeIgniter-Aauth


They both have some advantages and disadvantages. I'm slightly more drawn to Aauth than ION Auth, but I don't have experience with either.

Finally, I am considering creating my own authentication library that is completely customized for my needs and my project setup, and looking for inspiration in other libraries / plugins / practices.

Yet my main problem is that I didn't have any education in computer science / development, and I've learned everything I know myself.
I've been working as a PHP developer for a few years, but when it comes to security I'm extremely paranoid. I'm always thinking about "what if this isn't good enough" or will it hold out against attackers ...

Any advice on this matter? Go custom build? Or use a library that is a 50-60% match? Or do you know alternative authentication libraries that could be helpful? Or even good online courses for securing PHP apps? All suggestions, advice, thoughts are welcome!

Thanks in advance.

Best regards,
Bart
#2

I was coming on here to ask the exact same question. Did you ever find a solution that worked for you?
#3

ION-auth is the most developed (one and only?). If you want something newer, you must change framework to Laravel or Symfony.
#4

(07-08-2019, 08:44 AM)jhob Wrote: I was coming on here to ask the exact same question.  Did you ever find a solution that worked for you?

Hey jhob,

I had to custom build it, but started from the ION Auth library: https://github.com/benedmunds/CodeIgniter-Ion-Auth. I used ION Auth as the authentication library, and used https://github.com/PHPGangsta/GoogleAuthenticator to implement Google Authenticator validation.

General flow: log the user in with Ion Auth. When successfully logged in, check TOTP via Google Authenticator. If it's a match, set a specific cookie. If both the Ion Auth and custom cookie are present, the user can continue. You can store some hashed user info in the custom cookie, like IP and User-Agent, to validate the cookie against the current user in the session. If Google Authenticator validation failed, destroy the session and log the user out. (Posting from mobile)
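The flow described in post #4, as an added example that is not part of the original post and is not code from Ion Auth or PHPGangsta/GoogleAuthenticator. The function names, the cookie layout and the use of a keyed HMAC (rather than a plain hash, which a client could recompute) for the User-Agent binding are assumptions, and the TOTP secret is assumed to be already base32-decoded to raw bytes.

```php
<?php
// Added example: names, cookie layout and key handling are assumptions.

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) over a raw binary secret.
function totp_at(string $rawSecret, int $time): string {
    $counter = pack('J', intdiv($time, 30));          // 64-bit big-endian step counter
    $hash = hash_hmac('sha1', $counter, $rawSecret, true);
    $offset = ord($hash[19]) & 0x0f;                   // dynamic truncation (RFC 4226)
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}

// Accept the current step and $window steps either side, compared in constant time.
function totp_verify(string $rawSecret, string $code, int $now, int $window = 1): bool {
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp_at($rawSecret, $now + $i * 30), $code) || $ok;
    }
    return $ok;
}

// Second-factor marker "userId|expiry|mac". The MAC uses a server-side key and
// covers the User-Agent, so the value cannot be forged or moved to another browser.
function issue_2fa_cookie(string $key, int $userId, string $ua, int $now, int $ttl = 3600): string {
    $exp = $now + $ttl;
    return "$userId|$exp|" . hash_hmac('sha256', "$userId|$exp|$ua", $key);
}

// Valid only if the MAC matches, the user id equals the logged-in session's
// user id, and the marker has not expired.
function check_2fa_cookie(string $key, string $cookie, int $sessionUserId, string $ua, int $now): bool {
    $p = explode('|', $cookie);
    if (count($p) !== 3 || !ctype_digit($p[0]) || !ctype_digit($p[1])) {
        return false;
    }
    $expected = hash_hmac('sha256', "{$p[0]}|{$p[1]}|$ua", $key);
    return hash_equals($expected, $p[2]) && (int) $p[0] === $sessionUserId && (int) $p[1] > $now;
}

// Constructed demo values; the secret and code are the RFC 6238 test vector for T = 59.
$secret = '12345678901234567890';
$key = random_bytes(32);              // in a real app: a persistent server-side key
$ua = 'Mozilla/5.0 (constructed)';
if (totp_verify($secret, '287082', 59)) {
    $cookie = issue_2fa_cookie($key, 42, $ua, 59);
    var_dump(check_2fa_cookie($key, $cookie, 42, $ua, 69));             // same browser
    var_dump(check_2fa_cookie($key, $cookie, 42, 'other agent', 69));   // different User-Agent
}
```

In the application the marker would be set with the Secure and HttpOnly cookie flags, and cleared together with the session on logout or on a failed TOTP check.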
#5

Thanks for the responses. After a bit of hunting around I found a fork of Ion Auth 2 that includes TOTP and have just had a quick play around with it and all appears to work well: https://github.com/SpyTec/CodeIgniter-Ion-Auth-OTP

It's for IonAuth2, not 3. At some point I might look at integrating it with IonAuth 3 as don't think 2 is wildly different to 3.
#6

(07-09-2019, 04:26 AM)jhob Wrote: Thanks for the responses.  After a bit of hunting around I found a fork of Ion Auth 2 that includes TOTP and have just had a quick play around with it and all appears to work well: https://github.com/SpyTec/CodeIgniter-Ion-Auth-OTP

It's for IonAuth2, not 3.  At some point I might look at integrating it with IonAuth 3 as don't think 2 is wildly different to 3.

Hi jhob,

If the library suits your requirements you should go for it. I don't think CI2 and CI3 are that different. Certainly not like CI3 & CI4. If you should have questions concerning ION Auth, you can find info on Stack Overflow. Ben, the creator of Ion Auth, is a very nice guy, and will also help you if you post questions about the library on the GitHub page. There is some info about 2FA in the GitHub issue section of the library as well. Good luck!