How to call Google Authenticator for two-factor authentication

Hi, Team

How to use Community Server API to call Google Authenticator for two-factor authentication login and obtain a token, could you provide a detailed example, please!

Thanks



I have connected my google drive account, and I’d like to know how to set values for “code”, “provider”, “accessToken”, and “codeOAuth”, Thx

Anyone can help me.

Hey @jm.zhang

image

If you haven’t used one of your social accounts at Google, Facebook, Twitter, or LinkedIn to login to the portal.

To obtain a Two-factor authentication token using POST api/2.0/authentication/{code}, you only need:

  1. code from Google Authenticator (code)
  2. User name or email (userName)
  3. Password (password)

To obtain it using curl, use the following command:

curl --request POST --header “Content-Type: application/json” --data “{“username”:“your@mail.com”,“password”:“yourPassword”}” “portalNameOrIP/api/2.0/authentication/code.json”

“provider”, “accessToken”, and “codeOAuth” are used for authorization through social accounts.

Passing authentication

Authenticate a user

Authenticate a user by code

If that’s not what you meant, please let me know.

Thanks for your reply, according to your meaning, to obtain a Two-factor authentication token via community server API, I need:

  1. curl --request POST --header “Content-Type: application/json” --data “{“username”:“my@mail.com)”,“password”:“myPassword”}” “portalNameOrIP/api/2.0/authentication/code.json”
    then, I should get a code in the response.

  2. POST api/2.0/authentication/{code}.

but from begining I failed,

I can ensure that url, username and password are right.

Have I done something wrong?

All right, let me get this straight.

  1. Do you want to connect 2FA for the portal?
  2. or do you want to get an authorization token to use the API requests?

I want to get a token to use Community server API requests for administrator, and let general users connect 2FA for the portal

  1. Enabling two-factor authentication by authenticator app for all portal users:

Under the ADMINISTRATOR account, perform the following actions:
Settings > Security > Portal Access > Two-factor authentication > By authenticator app > Save

2.1 Connect Google Authenticator to your account.

2.2 After that, to obtain a token to use Community server API requests for the administrator, follow the instructions:
Authenticate a user by code

I have developed a backend APP that automatically uploads files, the APP use Community server API.

I would like to enable 2fa and still be able to upload files automatically without having to enter the code manually, do you have any suggestions?

Hey, @jm.zhang

  1. Has the question from the main topic been resolved?
  2. What problems are you facing now?:slight_smile:

No, I want to get an authorization token automatically under enable 2fa condition in my backend APP.

but I can’t get it automatically following your instructions, because I need to open “google authenticator APP” manually on my cellphone, check code, and enter the code into my APP

Understand.
Perhaps Google has an API that allows you to take this code from the application

I agree, but the token is valid for a whole year after request.

"expires":"2024-05-23

Hi, Nikolas

I have one more question: is this secret key constant forever?

If it’s not constant , how often does the secret key change?

hey, @jm.zhang

This is the key for the mobile app.
It is issued after applying the setting
Two-factor authentication > By authenticator app for each account.

Changes when 2FA is reset