Two Factor Authentication
For businesses that require extra security for their customers, Freshcom allows you to use two factor authentication (TFA). If you are selling a secret weapon, you probably want to use this to be doubly sure the customer is who they say they are.
In order to actually send the verification code needed for TFA to the customer's email or phone number, you must create a notification trigger for the appropriate event. Please see our guide on notifications for sending emails and text messages.
Enable TFA
TFA is enabled at the user level, meaning you can have one user using TFA and another not using TFA. There are two methods of TFA:
SMS TFA - The one time password is sent by text message. This method requires the user to have a verified phone number.
Email TFA - The one time password is sent by email. This method requires the user to have a verified email address.
You can also make TFA the default method for your entire account by changing the default authentication method setting through the Dashboard. Note that changing this will not affect existing users; it will only affect new users.
You can enable TFA for a user through the Dashboard by changing the authentication method of the user or customer. Note that when you change a customer's authentication method through the Dashboard, you are actually changing the authentication method of the user associated with that customer. If you take a look at our API reference, you will notice that the customer resource itself does not actually have an authentication method field.
You can also prompt your customer to enable TFA in your client side application. If the customer already has all the required information verified, then TFA can be enabled by directly updating the authentication method of their associated user resource.
If they do not have the required information, then depending on the TFA method there are a few extra steps needed to get their information verified.
Prompt the customer to enter the required information, phone for SMS TFA or email for Email TFA.
Create a phone verification code or an email verification code.
Prompt the customer to enter the verification code.
Submit the code together with the updated information.
Register a Customer with TFA
Registering a customer with TFA requires a few extra steps compared to registering a customer without TFA.
Prompt the customer to enter the required information, phone for SMS TFA or email for Email TFA.
Create a phone verification code or an email verification code.
Prompt the customer to enter the verification code.
Submit the code together with all the other information.
(optional) Log in the customer.
Note that the one time password is the same as the phone verification code only when creating a registered customer or when updating a guest customer to a registered customer.
Login a Customer with TFA
Logging in a customer with TFA is a 3 step process:
Prompt the user to enter their username and password.
Attempt to create an access token to trigger the creation of a one time password.
Prompt the user to enter the one time password.
Create an access token using the username, password and one time password.
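The login exchange above, sketched as an added example that is not Freshcom's own code: a client-side login function run against an in-memory stand-in for the token service. All function names, field names and error strings here are assumptions, and the user record is constructed sample data.

```javascript
// Added example: every name below is hypothetical, not Freshcom's API.
const crypto = require('crypto');

// In-memory stand-in for the token service, with one constructed user.
// The plaintext password exists only because this is a stub.
function makeTokenService(sendCode) {
  const users = { 'alice@example.com': { password: 'correct horse', tfa: true } };
  const pending = new Map(); // username -> outstanding one time password
  const newToken = () => crypto.randomBytes(16).toString('hex');

  return function createToken({ username, password, otp }) {
    const user = users[username];
    if (!user || user.password !== password) return { error: 'invalid_credentials' };
    if (!user.tfa) return { accessToken: newToken() };

    if (otp === undefined) {
      // Password is correct but no code was supplied: issue one and notify.
      const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
      pending.set(username, code);
      sendCode(username, code);
      return { error: 'otp_required' };
    }
    const expected = Buffer.from(pending.get(username) || '');
    const given = Buffer.from(String(otp));
    const match = expected.length > 0 && given.length === expected.length &&
      crypto.timingSafeEqual(given, expected);
    if (!match) return { error: 'invalid_otp' };
    pending.delete(username); // a code is accepted once
    return { accessToken: newToken() };
  };
}

// Client side: the login steps listed above.
function login(createToken, username, password, promptForOtp) {
  const first = createToken({ username, password });   // trigger the code
  if (first.error !== 'otp_required') return first;     // no TFA, or bad password
  const otp = promptForOtp();                           // user types the code
  return createToken({ username, password, otp });      // username, password and code
}
```

A wrong password never triggers a code, and a code that has already produced a token is rejected if it is submitted again.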