Two Factor Authentication (2FA)

• Learn More
• Installation
• Plugin Configuration
  • Advanced Configurations
  • Custom Settings Page
• Events
• Screenshot
  • 2FA Authentication
  • 2FA Recovery
  • 2FA Disabled
  • 2FA Setup
  • 2FA Enabled (Recovery Codes)
• Testing
• Changelog
• Contributing
• Security Vulnerabilities
• Credits
• License

Add two-factor authentication to new and existing Filament applications.

#Learn More

Filament Two-Factor Authentication Demo — Filament Daily

#Installation

Below, you'll find documentation on installing this plugin. If you have any questions, find a bug, need support, or have a feature request, please don't hesitate to reach out to me at stephenjudesuccess@gmail.com.

You can install the package via composer:

composer require stephenjude/filament-two-factor-authentication

Add the TwoFactorAuthenticatable trait to your application's authentication model and implement the HasPasskeys trait:

namespace App\Models;

use Spatie\LaravelPasskeys\Models\Concerns\HasPasskeys;
use Stephenjude\FilamentTwoFactorAuthentication\TwoFactorAuthenticatable;

//...

class User extends Authenticatable implements FilamentUser, HasPasskeys
{
    use TwoFactorAuthenticatable;
    
    //...

⚠️ Passkey implementation is using the spatie/laravel-passkeys package under the hood.

Install the plugin migration using:

php artisan filament-two-factor-authentication:install

Optionally, you can publish the views using

php artisan vendor:publish --tag="filament-two-factor-authentication-views"

#Plugin Configuration

Add two-factor authentication plugin to a panel by instantiating the plugin class and passing it to the plugin() method of the configuration:

...
use Stephenjude\FilamentTwoFactorAuthentication\TwoFactorAuthenticationPlugin;
 
public function panel(Panel $panel): Panel
{
    return $panel
        ->plugins([
            TwoFactorAuthenticationPlugin::make()
                    ->enableTwoFactorAuthentication() // Enable Google 2FA
                    ->enablePasskeyAuthentication() // Enable Passkey
                    ->addTwoFactorMenuItem() // Add 2FA menu item
                    ->forceTwoFactorSetup() // Force 2FA setup
        ])
}
...

#Advanced Configurations

use Stephenjude\FilamentTwoFactorAuthentication\TwoFactorAuthenticationPlugin;
use Stephenjude\FilamentTwoFactorAuthentication\Middleware\ForceTwoFactorSetup;
use Stephenjude\FilamentTwoFactorAuthentication\Middleware\TwoFactorChallenge;

TwoFactorAuthenticationPlugin::make()
        ->enableTwoFactorAuthentication(
            condition:  true, // Enable Google 2FA 
            challengeMiddleware:  TwoFactorChallenge::class, // Middleware to challenge user with 2FA
        ) 
        ->enablePasskeyAuthentication(
            condition:  true, // Enable Passkey 
        ) 
        ->forceTwoFactorSetup(
            condition:  true, // Force 2FA setup for all users
            requiresPassword:  true, // Require password during setup
            forceMiddleware:  ForceTwoFactorSetup::class, // Middleware to enforce 2FA
        )
        ->addTwoFactorMenuItem(
            condition:  true, // Show 2FA on the user menu item
            label:  '2FA', // Menu item label   
            icon:  'heroicon-s-key', // Menu item icon
        )
])

#Custom Settings Page

If your application already has a user profile page, you can add a 2FA settings to your profile page view:

<x-filament-panels::page>
    @livewire(\Stephenjude\FilamentTwoFactorAuthentication\Livewire\TwoFactorAuthentication::class)

    @livewire(\Stephenjude\FilamentTwoFactorAuthentication\Livewire\PasskeyAuthentication::class)
</x-filament-panels::page>

#Events

This package dispatches events which your application can subscribe to. You can listen to these events inside your EventServiceProvider class:

use Stephenjude\FilamentTwoFactorAuthentication\Events\{RecoveryCodeReplaced,RecoveryCodesGenerated,TwoFactorAuthenticationChallenged,TwoFactorAuthenticationConfirmed,TwoFactorAuthenticationDisabled,TwoFactorAuthenticationEnabled,TwoFactorAuthenticationFailed,ValidTwoFactorAuthenticationCodeProvided};

protected $listen = [
    TwoFactorAuthenticationChallenged::class => [
        // Dispatched when a user is required to enter 2FA code during login.
    ],
    TwoFactorAuthenticationFailed::class => [
        // Dispatched when a user provides incorrect 2FA code or recovery code during login.
    ],
    ValidTwoFactorAuthenticationCodeProvided::class => [
        // Dispatched when a user provides a valid 2FA code during login.
    ]
    TwoFactorAuthenticationConfirmed::class => [
        // Dispatched when a user confirms code during 2FA setup.
    ],
    TwoFactorAuthenticationEnabled::class => [
        // Dispatched when a user enables 2FA.
    ],
    TwoFactorAuthenticationDisabled::class => [
        // Dispatched when a user disables 2FA.
    ],
    RecoveryCodeReplaced::class => [
        // Dispatched after a user's recovery code is replaced.
    ],
    RecoveryCodesGenerated::class => [
        // Dispatched after a user's recovery codes are generated.
    ],
];

#Screenshot

#2FA Authentication

#2FA Recovery

#2FA Disabled

#2FA Setup

#2FA Enabled (Recovery Codes)

#Testing

composer test

#Changelog

Please see CHANGELOG for more information on what has changed recently.

#Contributing

Please see CONTRIBUTING for details.

#Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

#Credits

• stephenjude
• All Contributors

#License

The MIT License (MIT). Please see License File for more information.