2fa google authenticator? with Guardian

I'm thinking about throwing 2FA into my application using the Google Authenticator API.
Has someone here integrated 2fa nicely with Guardian?

I'm looking for where to start: write my own plug or go with Ueberauth?
The idea is to do regular authentication with Guardian and then kick the application to a 2FA authentication page. But I'm not sure where to start …

I maintain a one-time password library that integrates with Ecto.

I haven’t used it with Guardian, so I can’t help you there. As for the workflow, I’m working on a guide to that at the moment - for another library I maintain. I’ll let you know when I get it ready.

2 Likes

Guardian has nada at all to do with Google-style 2FA. Guardian is a way to encode a JWT/Token for cross-domain message passing; it is not an authentication thing.

You could do it in Ueberauth pretty easily though, it would fit in a strategy if using a library like what @riverrun has inside it.

1 Like

I’m interested in implementing 2FA myself. I see it only as an extra step during login, not something to integrate with Guardian to verify on every request. E.g. if the token verification succeeds, then use Guardian to sign in the user. If someone could share a tutorial, it would be much appreciated!

From the Guardian repo:

An authentication library for use with Elixir applications.

:stuck_out_tongue:

1 Like

Yep yep, and as I keep saying all over the place, it is not an authentication library, it is a JWT library (with some Phoenix token support now, I hear). You can of course pass authentication data from another source around inside it, but you could do that via a variety of other methods too. :wink:

Ueberauth is an authentication library however.

1 Like

I am new to Elixir (using Phoenix specifically) but I’m going to try to implement https://github.com/yuce/pot which is an Erlang library for generating time-based passwords.

I’ve used https://github.com/speakeasyjs/speakeasy for Node.js and am going to hopefully make it as easy to use. If there’s any interest I’ll modularize the Elixir/Phoenix components and throw it on GitHub.

Edit: I think forking @riverrun’s OTP library is the better strategy for now, so going to go down that path!

1 Like
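
The time-based code check this thread keeps coming back to, as an added example that is not from any poster or from the libraries mentioned. It implements RFC 6238 TOTP with only Erlang's `:crypto`; the module name `TotpSketch`, its function names and the `last_step` replay guard are assumptions made for illustration.

```elixir
defmodule TotpSketch do
  # Added illustration: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits), the
  # scheme Google Authenticator uses. Module and function names are hypothetical.
  import Bitwise

  @period 30
  @digits 6

  # `secret` is the raw key. An enrolled Base32 secret would be decoded first,
  # e.g. with Base.decode32!(secret, padding: false).
  def code(secret, unix_time), do: hotp(secret, div(unix_time, @period))

  # Returns {:ok, step} when `candidate` matches a time step inside the window
  # that is newer than `last_step`, otherwise :error. Persisting the returned
  # step per user stops a captured code from being replayed within its lifetime.
  def verify(secret, candidate, unix_time, last_step \\ -1, window \\ 1) do
    now = div(unix_time, @period)

    Enum.find_value((now - window)..(now + window), :error, fn step ->
      if step > last_step and secure_equal?(hotp(secret, step), candidate), do: {:ok, step}
    end)
  end

  # RFC 4226 HOTP: HMAC the 8-byte big-endian counter, then dynamic truncation.
  defp hotp(secret, counter) do
    mac = :crypto.mac(:hmac, :sha, secret, <<counter::unsigned-big-64>>)
    offset = :binary.last(mac) &&& 0x0F
    <<_::binary-size(offset), _::1, value::31, _::binary>> = mac

    value |> rem(1_000_000) |> Integer.to_string() |> String.pad_leading(@digits, "0")
  end

  # Compare without short-circuiting on the first differing byte.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
    |> Enum.reduce(0, fn {x, y}, acc -> acc ||| bxor(x, y) end) == 0
  end

  defp secure_equal?(_, _), do: false
end

# Constructed sample: the ASCII test key from RFC 6238, not a real user secret.
secret = "12345678901234567890"
now = System.os_time(:second)
{:ok, step} = TotpSketch.verify(secret, TotpSketch.code(secret, now), now)
# The same code is refused once its step has been recorded as used.
:error = TotpSketch.verify(secret, TotpSketch.code(secret, now), now, step)
```

In the login flow described in the thread, the password step would only mark the session as pending, and the token or session sign-in would be issued after `verify/5` returns `{:ok, step}`.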