[Library] TFA_SAMP - 1st two-factor authentication method for SA-MP.

[GiamPy]

TFA_SAMP - 1st two-factor authentication method for SA-MP.

A huge thanks to Authy (https://www.authy.com/) for providing the web APIs.

Include release under GPL v2 OSL (open source license) - click here for more information.

Part of the include is made in PHP.



Hello everyone.



Recently I was thinking of a new include to release, and I thought about a two-factor authentication method for SA-MP, something like it has never existed before. This include does not directly provide the authentication method, it is just a way to communicate with the service that provides so, which in this case is Authy.



Authy provides also free-plans for development or fairly small communities.

Visit https://www.authy.com/ for more information.



If you don't know what a two-factor authentication method is, read this page.



However, here's a short description.

Multi-factor authentication (also MFA, Two-factor authentication, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation, each factor must be validated by the other party for authentication to occur.

This include allows you to communicate with API requests to Authy's servers and to use your cellphone as second factor, which is the possession factor. In order to be it two-factor, thus increasing the account' security, you must ask for the password and the token sent via SMS or taken by the phone application.



So, what is Authy? Authy is what gives us the API to communicate with the server and to send the SMS / verify the token taken by your phone.



If you are worried about security, the API requests through the production method are sent through HTTPS requests, and all the information are not saved in any TFA_SAMP database but in Authy's databases which are completely safe and secure.

GitHub

Available Functions

• TFASAMP_prepareConnection(host[], password[], api_key[], type[] = "production", bool:tfa_debug = false)
  
  
• TFASAMP_createUser(playerid, email[], cellphone[], area_code[] = "1")
  
  
• TFASAMP_verifyToken(playerid, user_id, token[], bool: force = true)
  
  
• TFASAMP_setPlayerUserID(playerid, userid)
  
  
• TFASAMP_getPlayerUserID(playerid)
  
  

Available Callbacks

• TFASAMP_OnTokenVerify(playerid, result)
  
  

Documentation



You may find here the updated functions documentation.



Example



You may find an example of the include here.

[Kar]

Awesome, but no offence authy is kinda dumb. No way to recover if you lost your found... or did they fix this yes?



Google auth is needed :O

[GiamPy]

There are ways to backup and even secure your TFA on the cloud.



https://authy.com/features/backup/

https://authy.com/features/multiple-devices/

[Kar]

That's new.

[iSpark]

A little guide to set everything up would be really helpful

[GiamPy]

You have an example of how to set it up here: https://github.com/GiampaoloFalqui/TFA_S...xample.pwn

Code:

/*

* TFASAMP_prepareConnection

* This function prepares the connection to your hosting in order to request the APIs.

*

* host[] ? ? ? ? = Your webhosting link and the directory, if any (without http://).

* password[]? ? ?= The password to use the PHP files to communicate with the APIs.

* api_key[] ? ?? = You may find it in your Authy's dashboard.

* type[] ? ? ? ? = Choose your connection type between 'development' and 'production'.

*

* @returns false if failed, true if success.

*/

and you're good to go.

[DTV]

I like what's done here but honestly I don't see how this would be used practically. Good work otherwise :thumbs_up:

[GiamPy]

It's useful especially when you want to force your server administrators to use two-factor authentication for security purposes, or if you want to give users the chance to have more security in their account.

[Y_Less]

About time there was one of these. Small note, the normal TLA for this is "2FA", not "TFA":



https://duckduckgo.com/html?q=TFA

https://duckduckgo.com/html?q=2FA