stackoom
  简体   繁体   中英

How do I find my secret Key to add my Authy Application to clients phones?

 原文  2017-06-09 18:59:19       php/ authentication/ authy

Question

After setting up MFA, most clients have the account automatically added to their Authy app.

For others, they are trying to add the account by clicking Settings >> Add Account. It then asks them to scan a QR-Code or manually enter a key .

As the developer, I cannot for the life of me find out how to get this key or QR-Code. I have read through the docs entirely.

What am I missing? I am using the PHP SDK.

1 answers

solution1
 2 ACCPTED  2017-06-19 06:47:45

Authy developer evangelist here.

With Authy, the secret key is not exposed to you, the developer, for security reasons. It is only shared with the user directly via the application, without them having to do anything, as you described. Authy, in fact, manages the keys between the app and the user more than just on the first occasion, as keys can be rotated regularly without your or the user's intervention.

If a user is finding that they have signed up to your site but your application isn't appearing in their Authy app then a couple of things might have happened.

  • Their phone may not be on a network at the time they signed up, leading to them not being able to receive the secret key from Authy

This should resolve itself over time as the user will eventually get their phone back on a network. You might consider suggesting they install Authy Desktop to use their desktop computer to authorise.

Alternatively, you could ensure they get a token and finish registering with your site by giving them the option to receive the token over SMS and forcing the token to be sent over SMS, using the force parameter when requesting a token .

  • They may have signed up to your 2FA using a different phone number than the one they initially signed up to Authy with.

For this, again, you may want to give them the option to receive a token by SMS. Or get the user to check their Authy account settings in the application and perhaps re-enter their phone number.

Overall, you won't get access to the secret or a QR code as that is not how Authy manages the secrets. Instead, either give the option to receive an SMS or get them to install an application on a device that has a connection.

Let me know if that helps at all.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I post tweets to my own twitter application using the Twitter supplied token/secret? How do I force phones to recognize international numbers on my website? How do I create environment variables to protect my Google Maps API Key(or any other secret value) for my website? How do I sign into my clients Wordpress admin? I forgot my AmazonAWS secret key, but I have a couple HMAC signed requests. How can I How do I send a user token via SMS with Authy and PHP? How do I find my accounts Google Service Account Key File? OAuth2 - my access token is a server-side secret, yes, so how do I use it with AJAX? How do I add an overlay to my OpenStreetMap How do I add a decimal to my number?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM