POTP implementation
#1
To avoid reinventing the wheel, has anyone implemented, or seen it implemented anywhere else, a complete TOTP authentication implementation (preferably in Delphi / IntraWeb), from enrolling users with QR codes, secret storage, code validation, etc.? Hopefully also complete with a Windows Service, or some ASP/JSP/PHP back-end? - all the components are generally available, it’s just rolling it all into a complete product that would take time I’m trying to save. There are a few mobile apps that can be freely used for the client side, which seems like a good motivation to piggy back on that.

Alexandre, can you add something along these lines into the standard IW? - it will need a QR component and maybe a new authentication scheme?
Reply
#2
(12-21-2023, 02:17 PM)iwuser Wrote: To avoid reinventing the wheel, has anyone implemented, or seen it implemented anywhere else, a complete TOTP authentication implementation (preferably in Delphi / IntraWeb), from enrolling users with QR codes, secret storage, code validation, etc.? Hopefully also complete with a Windows Service, or some ASP/JSP/PHP back-end? - all the components are generally available, it’s just rolling it all into a complete product that would take time I’m trying to save. There are a few mobile apps that can be freely used for the client side, which seems like a good motivation to piggy back on that.

Alexandre, can you add something along these lines into the standard IW? - it will need a QR component and maybe a new authentication scheme?

I am currently working on this. Found some units online. I started tinkering with desktop app first and Google authenticator. I need to review what I did and confirm which site I got the source from so I can replicate and try in an IW app.

Here are two sites I used

https://github.com/wendelb/DelphiOTP

https://github.com/foxitsoftware/DelphiZXingQRCode

Once I have simple IW app working I will share it. (probably after the holidays, my office turns into a guestroom tomorrow night)

Cheers!
Reply
#3
You need to generate a QR code from your application and show it on a page (something that the web version of WhatsApp does) or do you need to read it from your application (the browser) using the mobile camera?
Reply
#4
(12-21-2023, 07:20 PM)Alexandre Machado Wrote: You need to generate a QR code from your application and show it on a page (something that the web version of WhatsApp does) or do you need to read it from your application (the browser) using the mobile camera?

Generate & display. There are good free authentication apps that would scan & register it. I'm actually doing exactly what lfeliz has suggested and have a working prototype.

It's really not a big task as such, so no biggy.

I was at first trying to do push notifications, but that seems impossible with either Microsoft or Google authenticators. Maybe possible with Authy, but not free. May also be possible through Azure, even at free level, in a multi-tenant kind of way, I'll need to explore it to get a feel...

And of course, this spills outside IW, because you also need to generate a secret, store it somewhere, display all that somehow, etc. So, no silver bullet, just takes some typing ;-)

Great minds think alike ;-)

I'm actually doing exactly what you have suggested, same exact components, and have a working prototype already. In my case, it was harder to organise the secret storage and then plug all that into the overall application workflow to allow for the user input and error handling around it.

So now, I only wish it was all in IW already, without the need to search for it and maybe even with a ready visual component for display.
Reply
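
The flow discussed in this thread (generate a secret, turn it into the URI behind the QR code, validate the submitted code), as an added example that is not code from the thread or from the linked Delphi units. It is written in Python so it runs stand-alone; the account name, issuer, one-step drift window and the replay counter are assumptions of this sketch.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote, urlencode

STEP, DIGITS = 30, 6  # 30-second step and 6 digits: assumed defaults

def new_secret() -> str:
    """Enrolment: 160-bit random secret, Base32 text for the URI and storage."""
    return base64.b32encode(secrets.token_bytes(20)).decode()

def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI; this string is what gets rendered as the QR code."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": DIGITS, "period": STEP})
    return f"otpauth://totp/{quote(issuer + ':' + account)}?{params}"

def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, last_counter, now=None, window=1):
    """Return the time-step counter that matched, or None on failure.

    last_counter is the step this user last logged in with (-1 if never);
    the caller persists the returned value so a code is accepted only once.
    """
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == DIGITS):
        return None
    key = base64.b32decode(secret_b32)
    current = int(time.time() if now is None else now) // STEP
    # Accept +/- `window` steps to tolerate clock drift on the phone.
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue  # same or older step: replayed code
        if hmac.compare_digest(hotp(key, counter), submitted):
            return counter
    return None

if __name__ == "__main__":
    secret = new_secret()  # store server-side, per user
    print(provisioning_uri(secret, "alice@example.com", "DemoApp"))
    code = hotp(base64.b32decode(secret), int(time.time()) // STEP)
    print(code, verify(secret, code, last_counter=-1))
```

The stored secret is equivalent to the second factor itself, so it needs the same protection as any other credential the server can read back.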
#5
If you have a working proof of concept that you can share, I can have a look and see what should be incorporated into IW or at least made easier to work with.

Feel free to send to my email alexandre at atozed dot com
Reply
#6
Incidentally, is anyone doing WebAuthn with IntraWeb?
Reply

