I am making a custom Credential Provider in Windows 7/Windows 8. The goal is to authenticate a user by username and password (provided from the user on the computer), and also a secure token obtained from an Android phone. The secure token is a string of random characters, for simplicity's sake. I'm having trouble figuring out how the computer can send a request to the phone over a WLAN connection, and then use the response to update the credentials and proceed with the logon process. So, how do I send data from the PC to the Android-phone?
I imagine it is done using GCM. You could implement something like that using Firebase Cloud Messaging (FCM).
This lets you send a Notification with a data payload from a server to a phone.
The flow would be something like this:
1) You try to login to the web application using a computer.
2) The application server sends to the fcm server a code for your userid.
3) The FCM server looksup your userid and targets your phone (using the registerd token you will have to register when implementing FCM in your android app) to send the code.
4) You receive the code on your phone as a notification or in-app push message.
5) You enter the code in the web application through the computer.
6) The web application validates the code entered by the user against the code sent to the fcm server, and grants or rejects access.