
Custom Conditions for Two-Factor Authentication

Warning: You are browsing the documentation for version 6.x which is not maintained anymore. If some of your projects are still using this version, consider upgrading.

In your application, you may have extra requirements for when to perform two-factor authentication that go beyond what the bundle does automatically. In such a case, implement \Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface:

<?php

use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface;

class MyTwoFactorCondition implements TwoFactorConditionInterface
{
    public function shouldPerformTwoFactorAuthentication(AuthenticationContextInterface $context): bool
    {
        // Your conditions here: return true to perform 2fa, false to skip it
        return true;
    }
}

Register it as a service and configure the service name:

# config/packages/scheb_2fa.yaml
scheb_two_factor:
    two_factor_condition: acme.custom_two_factor_condition
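
A fuller condition, as an added example that is not part of the bundle or its documentation: it always performs 2fa for administrators and skips it for other users only when the request comes from a trusted network. The class name, the `ROLE_ADMIN` role and the CIDR ranges passed to the constructor are assumptions made for illustration.

```php
<?php

namespace Acme\Demo;

use Scheb\TwoFactorBundle\Security\TwoFactor\AuthenticationContextInterface;
use Scheb\TwoFactorBundle\Security\TwoFactor\Condition\TwoFactorConditionInterface;
use Symfony\Component\HttpFoundation\IpUtils;
use Symfony\Component\Security\Core\User\UserInterface;

// Hypothetical condition class; name, role and network ranges are assumptions.
class TrustedNetworkTwoFactorCondition implements TwoFactorConditionInterface
{
    /** @var string[] */
    private array $trustedCidrs;

    /** @param string[] $trustedCidrs constructed sample value: ['10.20.0.0/16'] */
    public function __construct(array $trustedCidrs)
    {
        $this->trustedCidrs = $trustedCidrs;
    }

    public function shouldPerformTwoFactorAuthentication(AuthenticationContextInterface $context): bool
    {
        $user = $context->getUser();

        // Privileged accounts always get the second factor, whatever the network.
        // getRoles() returns only directly assigned roles, not the role hierarchy.
        if ($user instanceof UserInterface && in_array('ROLE_ADMIN', $user->getRoles(), true)) {
            return true;
        }

        // getClientIp() honours X-Forwarded-For only for configured trusted proxies;
        // without that configuration it returns the address of the direct peer.
        $clientIp = $context->getRequest()->getClientIp();
        if ($clientIp === null) {
            // Fail closed: an unknown origin is never treated as trusted.
            return true;
        }

        // Perform 2fa unless the client address is inside a trusted range.
        return !IpUtils::checkIp($clientIp, $this->trustedCidrs);
    }
}
```

Register this class under the service id `acme.custom_two_factor_condition` used in the configuration above, passing the trusted ranges as the constructor argument.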

Bypassing Two-Factor Authentication

If you simply wish to bypass 2fa for a specific authenticator, setting the TwoFactorAuthenticator::FLAG_2FA_COMPLETE attribute on the security token will achieve this.

For example, if you are building a custom authenticator, the following bypasses 2fa whenever that authenticator is used:

<?php

namespace Acme\Demo;

use Scheb\TwoFactorBundle\Security\Http\Authenticator\TwoFactorAuthenticator;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
use Symfony\Component\Security\Http\Authenticator\Passport\PassportInterface;

class MyAuthenticator extends AbstractAuthenticator
{
    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
    {
        $token = parent::createAuthenticatedToken($passport, $firewallName);

        // Set this to bypass 2fa for this authenticator
        $token->setAttribute(TwoFactorAuthenticator::FLAG_2FA_COMPLETE, true);

        return $token;
    }

    // ...
}
This work, including the code samples, is licensed under a Creative Commons BY-SA 3.0 license.