Two-factor local login option

feature
21

I originally posted this in the GitHub PR, sorry about that, should have posted it here. I have some thoughts and humble opinions :wink: on this and thought I’d share em:

Cool feature! We are currently using two factor authentication with Discourse and OpenAM (oauth2). One advantage of offloading the more complex authentication to an AM solution like OpenAM (or Gluu, or whatever AM solution you want to use) is that it allows for vastly more flexibility then Discourse probably ever will. So while I think its really cool what you’ve made I would just like to point out that it might be wise for the devs to think about how much security complexity they want to pull in to Discourse and where to draw the line and off-load it to other solutions.

22

Sorry for late response :frowning:

When reading about this feature request, I think the team want this in the core. So here it is. And you can still use the third party service without a doubt! It’s optional.

4 Likes
23

Jasper, I am an OpenAM noob. Could you please share the basics of how you implemented SSO for Discourse with OpenAM?

24

I use openAM at work and we do authentication at reverse proxy level, using lua on nginx. To integrate with discourse was just a matter of creating one more nginx endpoint that responds to discourse SSO requests, we used lua too, so everything openAM is handled at nginx.

25

@Lee_Ars I fell here searching for another topic and I’m not really interested in this one, so I have honestly little clue what you’re talking about, but… Just wanted to thank you for mentioning PAM there. I enjoyed reading a few other offtopic bits here. :slight_smile:

26

Maybe time to bump the HAI GUYS CAN WE 2FA PLZ topic, @codinghorror??

1 Like
27

As far as I know, it won’t get into the core but as a plugin.

The code was scrambled in this commit. I believe I didn’t think much about sso, invite and many more stuff though (based on the age of this commit).

https://github.com/fantasticfears/discourse/commit/08cec58f5d37a92030fd712216cea96df02f8953

4 Likes
28

Is there any update on this?

29

Since we’re nearing the end of the year I’ll give this thread my yearly “hey @sam we would love 2FA” bump :slight_smile: Duo, Yubi, or just plain ol’ TOTP—anything would be great.

3 Likes
30

Is there any chance that this is still being looked at?

I think it would be a great option to have. Security and especially 2FA is such an important feature!

Thanks in Advance.

31

Now it’s a good time to ask @codinghorror about this :smile:

9 Likes
32

Let’s hope the @codinghorror likes it. I did find this code on how to integrate https://github.com/TwoFactorAuth/ruby which uses the U2F FIDO standard.

1 Like
33

Are there any updates on this? This is still a must have in security for any community, and it’s one of the things I’d love to offer my users.

34

Perhaps, and we totally love 2fa at Discourse, but none of our paying customers are pushing for it. Keep in mind, if you use Google, you get 2fa for free by the virtue of using Google.

6 Likes
35

As a customer we think this feature is necessary… if it’s possible to think about it that will be awesome

36

should we start a campaign to help your paying customers see this thread? :wink:

That reminds me… do you have a “tip jar” somewhere, where community can donate small amounts in $ or BTC?

37

Yes it is at https://discourse.org/buy :slight_smile:

2 Likes
40

Hopefully, this will be implemented very soon, security is 100% very important too me, even a site setting “Require two factor authentication to enter admin panel” is a great idea. I’m with this idea! :slight_smile:

1 Like
41

Wondering what the progress has been on this idea. :slight_smile:

42

Will happen some time in 2018

15 Likes