Download the PHP package ianm/twofactor without Composer
On this page you can find all versions of the php package ianm/twofactor. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package twofactor
2FA
A Flarum extension. 2FA for Flarum
Requirements
This extension requires a minimum of PHP 8.1, due to a 3rd party library constraint.
Features
- Enforces
adminaccounts to have 2FA enabled for increased security - Configure which additional user groups should also be enforced
- Supports all common authentication apps
- Protects
login,forgot passwordendpoints - Integrates with
fof/oauthto protect OAuth logins to protected accounts - 2FA Enabled/Disabled notifications
- 2FA Status page
- Backup/recovery codes
- Option to revoke dormant access tokens after X days of no usage
Permissions
This extension provides the ability to view the status of 2FA of other users (intended for admin and/or moderator use). In order for this to function correctly, you must also set the permission Moderate Access Tokens to at least the same group as you require for View 2FA status of other users.
Installation
Install with composer:
Updating
Usage
CLI
Independantly of the setting, you may remove dormant access tokens using the CLI. The days setting defaults to 30 days, and the CLI will still respect this value from the extension settings, as well as the developer token setting:
TODO
Screenshots
QR Code setup
Manual setup
Security tab integration
Enabled/Disabled notifications
Admin user list status icon
Extensibility
Disabling 2FA for specific OAuth providers
If you are building an extension that integrates with fof/oauth and want certain providers to bypass the 2FA challenge entirely, use the TwoFactor extender in your extension's extend.php. Wrap it in a Conditional so it only activates when ianm/twofactor is enabled:
The provider name must match the string identifier used when registering the provider with fof/oauth (e.g. 'github', 'google', 'discord'). Multiple providers can be chained:
Note: This only bypasses the OAuth 2FA interception. Users who log in directly (username + password) are unaffected and will still be required to complete 2FA if it is enabled on their account.
Links
Support
Please consider supporting my extension development and maintenance work.
