Push notifications are another way to enable optional two-factor authentication in a user's account. This method is far less intrusive compared to the two other methods covered previously:
- Password-based authentication
- Optional two-factor authentication
- Twilio Authy API to enable two-factor authentication
- Flask login for password-based authentication
- Flask web framework
- Flask bootstrap for styling and cross-browser responsiveness
- Flask WTF for creation of secure web forms
- Flask sqlalchemy for database creation
- Flask migrate to handle database migrations
- Email Validator to validate emails
- Flask moment for pretty timestamps
- qrcode to generate QR Codes
- pyjwt for token generation
- pyngrok for localhost testing
- Smartphone
- Authy app
- Click Register
- Log yourself in
- Go to the Profile page
- Click on Enable two-factor authentication link
- Download the Authy app
- Click the Enable 2fa button and follow the instructions
- You have just enabled two-factor authentication for your account!
- Click Logout on the top-right of the navbar
- Log yourself in again
- Check the notification on your Authy app.
- Click Approve or Deny
- Create a free Twilio account now
- Click on Twilio Console
- Click on "All Products and Services" on the menu on the far left
- Click Authy
- Click "Create Application" button
- Provide a name for your application and click Create button
- From Settings, you will see Application Name, Application ID and Production API Key. Save these somewhere safe for later.
- Clone this repository:
$ git clone git@github.com:GitauHarrison/push-notification-2fa-in-python-and-flask.git
- Move into the cloned directory:
$ cd push-notification-2fa-in-python-and-flask
- Create and activate your virtual environment:
$ mkvirtualenv twilio_authy
- Install all the dependencies used in this application:
(twilio_authy)$ pip3 install -r requirements.txt
- Before you can run your server, remember to create a .env file following the guidance seen in the .env-template. Create a .env file in the root directory:
(twilio_authy)$ touch .env
- Update the .env file with all the necessary details. Remember to add your Application Name, Application ID and Production API Key codes:
AUTHY_APP_NAME=
AUTHY_APP_ID=
AUTHY_PRODUCTION_API_KEY=
- Run the flask server:
(twilio_authy)$ flask run
Once your application is running, you can access your localhost on http://127.0.0.1:5000/. Additionally, if you look carefully in your terminal, you will see:
* Tunnel URL: NgrokTunnel: "http://4209c9af6d43.ngrok.io" -> "http://localhost:5000"
The HTTP value may be different from the one shown here because I am using the free tier package of ngrok. Paste the link http://4209c9af6d43.ngrok.io on another device, say your mobile phone, to test the application while it is on localhost.
Another way to obtain ngrok's free public URLs would be to run the command below in a new terminal window:
(twilio_authy)$ ngrok http 5000
# Output
ngrok by @inconshreveable (Ctrl+C to quit)
Session Status online
Session Expires 1 hour, 58 minutes
Version 2.3.35
Region United States (us)
Web Interface http://127.0.0.1:4042
Forwarding http://6e95e59c2233.ngrok.io -> http://loc
Forwarding https://6e95e59c2233.ngrok.io -> http://lo
Connections ttl opn rt1 rt5 p50 p9
0 0 0.00 0.00 0.00 0.
Note the lines beginning with 'Forwarding'. These show the public URLs that ngrok uses to redirect requests into our service. This method provides you with an https:// URL.
- Click Register to create a new user
- Log in the user
- Go to the Profile page
- Click on Enable two-factor authentication link
- Download the Authy app
- Click the Enable 2fa button and follow the instructions
- You have just enabled two-factor authentication for your account!
- Click Logout on the top-right of the navbar
- Log in the user again
- Check the notification on your Authy app.
- Click Approve or Deny
If you would like to incorporate this feature, try it out by creating your own project. You can follow this push notification in flask guide.