> I think 2FA is best implemented with LiveView, so there is at least a discussion on how we would integrate it. For example, would we move all of settings to LiveView? Or would we simply render the 2FA widget?
I assume here you mean the part where the user has to scan the QR-code? In our app we have done this in LiveView because the whole app is implemented in LiveView :), but I think using just regular server-side rendered views is fine as default, or are there specific advantages of LiveView for this use case that I'm missing here?
> Should we try to componentize the 2FA bits
As dependencies we used nimble_totp (thanks for that ;)) and eqrcode. Different from the password hashing libraries I think it's ok to use a hardcoded set of dependencies (for now) because choosing different dependencies (in theory) should not change the behavior. TOTP and QR-codes are more or less "standardized", whereas bcrypt vs pbkdf2 gives you different limitations and security properties. Overall, I think configuration for the TOTP specifics (period, uri label, issuer, etc.) would be sufficient but I'd love to hear your opinion on this.
> If you are willing, it could be really helpful if you wrote an article on your process. It could serve as documentation for you and help others. :)
That's a great idea! I think we'll try applying our 2FA approach on a fresh Phoenix 1.6 project and write an article about it.
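
The point above about TOTP being standardized, as an added example that is not part of the original post and is not nimble_totp's code: a dependency-free RFC 6238 sketch in Elixir in which period, digits, label and issuer are the only knobs, checked against the RFC's published test vector. The module name `TotpSketch`, its option names and the `ExampleApp` issuer are hypothetical.

```elixir
# Added example: RFC 6238 TOTP (HMAC-SHA1) using only OTP's :crypto.
# TotpSketch and its option names are hypothetical, not nimble_totp's API.
defmodule TotpSketch do
  import Bitwise

  @defaults [period: 30, digits: 6, issuer: "ExampleApp"]

  # 20 random bytes = 160 bits, the secret length RFC 4226 recommends.
  def secret, do: :crypto.strong_rand_bytes(20)

  def code(secret, opts \\ []) do
    opts = Keyword.merge(@defaults, opts)
    time = Keyword.get(opts, :time, System.os_time(:second))
    # The moving factor is the number of whole periods since the Unix epoch.
    counter = div(time, opts[:period])
    hmac = :crypto.mac(:hmac, :sha, secret, <<counter::unsigned-big-64>>)
    # Dynamic truncation (RFC 4226, section 5.3): the low nibble of the last
    # byte selects 4 bytes, and the top bit of those is discarded.
    offset = :binary.last(hmac) &&& 0x0F
    <<_::binary-size(offset), _::1, value::31, _::binary>> = hmac

    value
    |> rem(Integer.pow(10, opts[:digits]))
    |> Integer.to_string()
    |> String.pad_leading(opts[:digits], "0")
  end

  # Key URI that authenticator apps read from the QR code.
  def otpauth_uri(label, secret, opts \\ []) do
    opts = Keyword.merge(@defaults, opts)

    query =
      URI.encode_query(
        %{
          "secret" => Base.encode32(secret, padding: false),
          "issuer" => opts[:issuer],
          "period" => opts[:period],
          "digits" => opts[:digits]
        },
        :rfc3986
      )

    path = URI.encode(opts[:issuer] <> ":" <> label, &URI.char_unreserved?/1)
    "otpauth://totp/" <> path <> "?" <> query
  end
end

# RFC 6238 Appendix B vector (SHA-1, T = 59 s, 8 digits); a mismatch raises.
"94287082" = TotpSketch.code("12345678901234567890", time: 59, digits: 8)
# Constructed sample account label; the secret is freshly generated.
IO.puts(TotpSketch.otpauth_uri("alice@example.com", TotpSketch.secret()))
```

Any library that implements the same RFC returns the same code for the same secret, time and period, so the period, digits, label and issuer are the values an application actually has to agree on with the authenticator app.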
On Tuesday, 31 August 2021 at 11:11:12 UTC+2, José Valim wrote: