
Using Google Authenticator with Symfony Security


I'm looking to add 2 factor login to my Silex app.

However, I'm having some road blocks on how to get this working correctly.

My biggest sticking point is having the firewall not fully log the user in and instead direct them to a page to confirm their identity.

I've thought about using Symfony Guard, but looking at the documentation, I didn't see anything that would let me prevent the user from being logged in.

I don't have any code yet. At this point, I'm just trying to design the flow, and after I have a concrete execution plan, I was going to then begin writing code.


Solution

  • I remember reading a blog post about doing this in Sf2, but I cannot find it now. Here's the gist:

    • the login part is the usual one
    • create a listener for the controller event, and redirect to the 2FA controller unless the user has a role (ROLE_GOOGLE_AUTHENTICATED or similar) and unless the user is requesting that route
    • on that URL render a form and check if it's a POST, and if the code verifies add that role to the user

    I'm sure you can adapt it for Silex. You can also check the bundles that exist for Sf2 on how they work exactly.
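
The flow from the answer above, as an added example that is not part of the original answer or of any bundle's code: a Silex 2 `before` middleware that redirects logged-in users to a TOTP form, with RFC 6238 verification written out. It uses a session flag bound to the username in place of the role the answer mentions. The route name `two_factor`, the session key `2fa_user` and the user method `getTotpSecret()` are assumptions, and `/2fa` is assumed to sit behind the firewall with an access rule that requires login.

```php
<?php
// $app: the existing Silex\Application with Security and Session providers registered.
use Symfony\Component\HttpFoundation\Request;
// Decode the RFC 4648 base32 secret that Google Authenticator is provisioned with.
function base32Decode(string $b32): string {
    $bits = $out = '';
    foreach (str_split(rtrim(strtoupper($b32), '=')) as $c) {
        if ($c === '' || ($v = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $c)) === false) {
            throw new InvalidArgumentException('Invalid base32 secret');
        }
        $bits .= str_pad(decbin($v), 5, '0', STR_PAD_LEFT);
    }
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { $out .= chr(bindec($byte)); }
    }
    return $out;
}
// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits: the Google Authenticator defaults).
function totp(string $key, int $time): string {
    $hash = hash_hmac('sha1', pack('N2', 0, intdiv($time, 30)), $key, true);
    $bin = unpack('N', substr($hash, ord($hash[19]) & 0x0F, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % 1000000), 6, '0', STR_PAD_LEFT);
}
// Accept the previous, current and next step to tolerate clock drift.
function verifyTotp(string $key, string $code, int $now): bool {
    $ok = false;
    foreach ([-30, 0, 30] as $skew) { $ok = hash_equals(totp($key, $now + $skew), $code) || $ok; }
    return $ok;
}
// Runs after the firewall: a logged-in user without the 2FA flag only reaches the 2FA route.
$app->before(function (Request $request) use ($app) {
    $token = $app['security.token_storage']->getToken();
    if ($token === null || !$app['security.authorization_checker']->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
        return null; // anonymous: leave it to the firewall and access rules
    }
    $verified = $app['session']->get('2fa_user') === $token->getUsername();
    if ($verified || $request->attributes->get('_route') === 'two_factor') { return null; }
    return $app->redirect($app['url_generator']->generate('two_factor'));
});
$app->match('/2fa', function (Request $request) use ($app) {
    $token = $app['security.token_storage']->getToken();
    $code = (string) $request->request->get('code');
    $secret = $token->getUser()->getTotpSecret(); // hypothetical accessor on the User class
    if ($request->isMethod('POST') && verifyTotp(base32Decode($secret), $code, time())) {
        $app['session']->set('2fa_user', $token->getUsername()); // bind the flag to this account
        return $app->redirect('/');
    }
    return '<form method="post"><input name="code" autocomplete="one-time-code"><button>Verify</button></form>';
})->method('GET|POST')->bind('two_factor');
```

Attempts on `/2fa` should also be rate-limited, and a code already accepted for a time step rejected on reuse; neither is shown here.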