Multi-Factor Authentication
I want to force users to use MFA such as a phone number or email. Does Wasp support this out of the box? If not, does Wasp support using Auth from e.g. Clerk? Users ATM will use their Microsoft accounts to log in, so Google / GitHub / Discord aren't suitable.
Thanks!
6 Replies
Hi @simsima. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the provided knowledge sources, I can offer the following information regarding your question about Multi-Factor Authentication (MFA) in Wasp:
Currently, Wasp does not support MFA out of the box for its built-in authentication system. There is an open GitHub issue discussing the addition of multi-factor authentication support, but it's not yet implemented: Add support for multi-factor auth to authentication (https://github.com/wasp-lang/wasp/issues/1476).
Regarding using external auth providers like Clerk, Wasp doesn't have native support for it. Wasp currently supports email/password, Google, and GitHub authentication methods: Docs > Auth > Social-auth > Overview (https://wasp-lang.dev/docs/auth/social-auth/overview).
For your specific case of using Microsoft accounts, Wasp doesn't have built-in support for this authentication method either.
However, it's worth noting that you could potentially implement your own custom authentication solution within a Wasp project. One community member suggested a way to implement phone verification manually, which could be adapted for MFA: Discord support thread: phone verification? (https://discord.com/channels/686873244791210014/1212918823502741504). But this would require significant custom development and wouldn't be an out-of-the-box solution.
Given your requirements for Microsoft account login and MFA, you might need to consider alternative authentication solutions or wait for future updates to Wasp's authentication capabilities. The Wasp team is aware of the need for more authentication options and is working on expanding them, but there's no specific timeline for when Microsoft auth or MFA might be available.
----------------------
Supporting 2FA/MFA is on our roadmap! We currently don't support it, but you could in theory create a two step auth process, where after users log in with some auth method, you require them to complete an extra step to be fully logged in (useAuth and client redirect + server checks if some value in the DB is correct). It would be quite cumbersome IMHO - but it is possible. https://github.com/wasp-lang/wasp/issues/1476
Auth with Microsoft is not supported out of the box - but this is something you can contribute if you have time e.g. @wardbox did Discord: https://github.com/wasp-lang/wasp/pull/2110
Or you could implement it on user level e.g. Spotify for example: https://gist.github.com/infomiho/3c63de7d53aba59d6293bcb59501a029
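The two-step process outlined in the reply above (log in with any method, then the server checks a value in the DB before treating the user as fully logged in), as an added example that is not from the thread or from Wasp. It is plain Node.js with an in-memory Map standing in for the DB table; the function names, the session id key and the limits are assumptions.

```javascript
const crypto = require("node:crypto");

// Constructed stand-in for a DB table keyed by session id (assumption: a real
// app would keep this row next to the logged-in user's session).
const secondStep = new Map();
const CODE_TTL_MS = 5 * 60 * 1000; // assumed validity window
const MAX_ATTEMPTS = 5;            // assumed guess limit per issued code

// Only a hash is stored. A 6-digit space is small, so the attempt limit and
// expiry carry the protection; a keyed HMAC would add defence if the DB leaks.
const hashCode = (code) => crypto.createHash("sha256").update(code).digest();

// Call right after the first factor succeeds. Returns the code to deliver by
// e-mail or SMS (delivery is out of scope here).
function startSecondStep(sessionId, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1_000_000)).padStart(6, "0");
  secondStep.set(sessionId, {
    codeHash: hashCode(code), expiresAt: now + CODE_TTL_MS, attempts: 0, verified: false,
  });
  return code;
}

// Server-side check of the submitted code: expiring, rate-limited, single use.
function verifySecondStep(sessionId, submitted, now = Date.now()) {
  const row = secondStep.get(sessionId);
  if (!row || row.verified || now > row.expiresAt || row.attempts >= MAX_ATTEMPTS) return false;
  row.attempts += 1;
  if (!crypto.timingSafeEqual(row.codeHash, hashCode(String(submitted)))) return false;
  row.verified = true;
  row.codeHash = null; // the code cannot be replayed
  return true;
}

// Guard for the top of every protected server operation. The client redirect
// is only UX; this check is what actually enforces the second step.
function requireFullLogin(sessionId) {
  const row = secondStep.get(sessionId);
  if (!row || !row.verified) {
    const err = new Error("Second authentication step required");
    err.statusCode = 403;
    throw err;
  }
}
```

A session that has passed only the first factor must be rejected by every server operation, not just hidden behind the client redirect.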
ok great, do you know when it could be launched?
I'll try to implement. Which example is more suitable for creating a Clerk integration? I think that would mostly handle my needs
You can try using Wasp without the built in auth and just integrate Clerk in Wasp by pretending it's just a React app that you want to protect 🙂
Thanks, appreciate the help.