2-Factor Authentication
2 minute read
User modules in Brezel support 2-factor authentication. You can configure 2FA settings for each module and even define them individually for each user, depending on its fields.
Setup
Configure your users module as usual. Then, define 2FA settings inside options.two_factor:
{
"bakery_resource_module": "employees",
"bakery_resource": {
"identifier": "employees",
"type": "users",
"options": {
"two_factor": {
"type": "email",
"view": "mail.two_factor.code"
}
},
"fields": [
{
"identifier": "email",
"type": "email"
},
{
"identifier": "password",
"type": "password"
},
{
"identifier": "phone",
"type": "text"
}
]
}
}
Providers
There are currently two providers available:
Email (email)
Send the auth code per email, via the email field. Requires mail settings to be defined in the user’s client.
Options:
view(string): Name of the mail view used to build the auth code mailable. The mail view has access to these variables:user(User)code(string)
SMS (sms)
Send the auth code per text messages, via the phone field. Requires Twilio settings to be defined in the client,
defined by twilio_sid, twilio_token and twilio_number.
Dynamic settings
Settings can be applied dynamically per user via recipe injections, similar to recipes in layout elements. Simply define
a recipes block in the scope of the attributes you want to change dynamically:
{
"identifier": "employees",
"type": "users",
"options": {
"two_factor": {
"view": "mail.two_factor.code",
"recipes": {
"type": "two_factor_type"
}
}
},
"fields": [
{
"identifier": "email",
"type": "email"
},
{
"identifier": "password",
"type": "password"
},
{
"identifier": "phone",
"type": "text"
},
{
"identifier": "two_factor_type",
"type": "choice",
"options": {
"values": ["email", "sms"]
}
}
]
}