A 4D implementation of Google Authenticator. This can be compiled into a component or simply incorporated into your v18+ code to allow you to use the Google Authenticator.
This implementation uses an online service to produce the QR code. This presents a vulnerability in that the QR code could be saved by authenticatorapi.com, though they wouldn't know what it's for.
This is called pairing and you use the Pair method. It is required one time but may be called more, for example if a user gets a new phone. The user simply needs to download the app to their phone, open it and click the add button.
You pass an object to the Pair method containing 3 values:
- your application name
- the user name
- a secret specific to the user. A UUID is a good candidate but any string will do.
For example:
$params:=New object
$params.appName:="MyApp Name"
$params.appInfo:="user name"
$params.appSecret:="thx1138" // this should be unique to each user - like their PK UUID
Pair ($params)
That's it. The user is set up and there is nothing you need to store.
After the user enters their password, call the Validate method. In this case you pass an object with the secret for this user. The user has 4 chances to enter the correct authentication code before the method fails.
Example code for this:
If (Validate (New object("appSecret";"thx1138")))
  ALERT("User Validates!")
Else
  ALERT("User not validated.")
End if
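To show what pairing and validation compute, here is an added Python example (not this project's code) that builds the otpauth:// URI an authenticator QR code encodes and checks a code with the general RFC 6238 TOTP algorithm, all locally. The function names are hypothetical, and it assumes the UTF-8 bytes of appSecret are used directly as the HMAC-SHA1 key with a 30-second step and 6 digits; the page does not say how the online service derives the key.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

STEP = 30  # seconds per code (authenticator app default)

def key_b32(app_secret: str) -> str:
    # Assumption: the per-user secret string's UTF-8 bytes are the HMAC key.
    return base64.b32encode(app_secret.encode()).decode().rstrip("=")

def provisioning_uri(app_name: str, app_info: str, app_secret: str) -> str:
    """URI carried by the QR code. It embeds the key, so whoever renders
    the QR code handles the key itself."""
    label = quote(f"{app_name}:{app_info}")
    return (f"otpauth://totp/{label}?secret={key_b32(app_secret)}"
            f"&issuer={quote(app_name)}")

def totp(key: bytes, at: float, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def validate(app_secret: str, code: str, at: float = None, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps of clock drift.
    Every candidate is compared in constant time, with no early exit."""
    at = time.time() if at is None else at
    key = app_secret.encode()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(key, at + drift * STEP)
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok

if __name__ == "__main__":
    # Constructed sample values, taken from the pairing example above.
    print(provisioning_uri("MyApp Name", "user name", "thx1138"))
    now = time.time()
    print(validate("thx1138", totp(b"thx1138", now), at=now))
```

Because the URI is built locally, the key never leaves your server; any QR encoder that runs on your side can render it.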