How to make two-factor authentication in Laravel

In this tutorial you can learn how to implement two-factor authentication in Laravel by following a step-by-step guide.

What is two-factor authentication?
Two-factor authentication is a mechanism that adds security to your login system. In addition to the username and password, you have to provide a token that is sent to your phone as an SMS.

You can use Authy for two-factor authentication, but here we will do it from scratch.

  1. Install Laravel

  2. Add custom field to registration form

  3. Add fields to users table

  4. Generate token

  5. Send token to phone

  6. Add PhoneVerification middleware

  7. Create phone verify controller

1 Install Laravel

To start this tutorial, install a fresh Laravel project on your web server. If you are new to Laravel you can read this tutorial, which has the steps for installation.

2 Add custom fields to registration form

We need to add a phone field to the registration form. Open resources\views\auth\register.blade.php and add the following code. It should be placed just below the E-mail field.

Now you can see the Phone field in the registration form. You can enter the phone number that will receive the token via SMS.

3 Add extra field to database

We need to add some fields to the database for the two-factor authentication implementation.
I am going to add a phone field to hold the phone number, a code field to store the token sent to the mobile device, and an isverified field to store the status of the verification.

I am going to use the following artisan command to create the database migration file

This will create a migration file in the database\migrations folder. Now let's add code to add the fields

4 Generate Token

We can use a random key generator to generate the token

You have to generate the token inside the create method of RegisterController in App\Http\Controllers\Auth

5 Send token to phone

Once you generate the token you have to send it to the phone and store it in the users table. You can use the Nexmo API to send the SMS.
You can install the PHP client library

You can add Nexmo\Laravel\NexmoServiceProvider to the providers array in your config/app.php

You can put the key and secret in your .env file.

Now you can add the following code inside the create method to send the token via SMS

This will send the SMS, and the phone number and token will be stored in the users table in the database.

6 Add PhoneVerification middleware

Up to this point you have generated the token and sent it to the mobile device when the user registers in the application for the first time.
Now, when the user tries to open the login page, he should be prompted to enter the token, and it should be validated against the entry in the users table.

I will create a middleware to check whether the user has verified his phone number with the token

To create the middleware, run the following command in your terminal

You can add the following code to the App\Http\Middleware\PhoneVerification.php file

Next I am going to assign this middleware as a route middleware. You can add the following code to the Kernel.php file in App\Http

7 Create phone verify controller

In this step, you create a controller that shows the form for entering the token. First we will create the controller and then we will create the view

Now you can add the following two actions to the controller

You can see two actions in this code. The verify() action shows the form, and the verifySubmit() action verifies the value the user submitted.
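
Token generation from step 4 and the comparison that verifySubmit() has to perform, as an added example in plain PHP (not the tutorial's own code). The $user array stands in for a users-table row with the phone, code and isverified fields; the function names, the attempts counter and its limit of 5 are assumptions.

```php
<?php
// Added example: plain PHP, no Laravel classes. The $user array stands in for
// a users-table row with the tutorial's phone, code and isverified fields.
// The "attempts" key and MAX_ATTEMPTS limit are assumptions, not from the page.

const TOKEN_DIGITS = 6;
const MAX_ATTEMPTS = 5;

// Generate a fixed-length numeric token from the OS CSPRNG.
// random_int() is uniform and unpredictable; rand()/mt_rand() are not.
function generateToken(int $digits = TOKEN_DIGITS): string
{
    $max = (10 ** $digits) - 1;
    return str_pad((string) random_int(0, $max), $digits, '0', STR_PAD_LEFT);
}

// Check a submitted token against the stored one and return the updated row.
function verifyToken(array $user, string $submitted): array
{
    // No outstanding token, or too many wrong guesses: refuse until a new
    // token has been issued. Without a cap, a 6-digit code can be enumerated.
    if ($user['code'] === null || $user['attempts'] >= MAX_ATTEMPTS) {
        return $user;
    }
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading digits were correct.
    if (hash_equals($user['code'], $submitted)) {
        $user['isverified'] = 1;
        $user['code'] = null;      // single use: clear the token once accepted
        $user['attempts'] = 0;
    } else {
        $user['attempts']++;
    }
    return $user;
}

// Constructed sample row, as it would look right after registration.
$user = ['phone' => '+10000000000', 'code' => generateToken(), 'isverified' => 0, 'attempts' => 0];

$user = verifyToken($user, 'wrong!');
printf("after wrong guess: isverified=%d attempts=%d\n", $user['isverified'], $user['attempts']);

$user = verifyToken($user, $user['code']);
printf("after correct token: isverified=%d code=%s\n", $user['isverified'], var_export($user['code'], true));
```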

Your routes\web.php file should have the following entry

Finally, resources\views\verify.blade.php will have the following code to display the form

You will see the following screen after you log in to the system