I’ve recently been involved in a Symfony project where the login process had to support 2-factor authentication with Yubikeys for certain users of the application. This post describes the steps I followed to implement this feature in Symfony.
Before diving into the details and code snippets, I’ll describe the main requirements of the task:
- Not every user in the system has a Yubikey, so 2-factor authentication (2FA) is not enforced sitewide.
- The fact that a user has a Yubikey and is required to authenticate with it is private information, so a partial authentication (verifying the user's primary credentials) has to be performed before the user is asked to authenticate with the Yubikey.
- Basic authentication is already implemented in the application against an LDAP instance, via the IMAG LdapBundle.