Implementing 2 Factor Authentication(2FA)

Implementing 2FA with Node.js and Authy

  1. Create your API Key on Authy Dashboard
  2. Create a simple Node.js application
  3. Create Registration API
  4. Create Verification API

1. Create your API Key on Authy Dashboard

To create your API key, you have to sign in to Authy Dashboard. Authy is a service provided by Twilio specifically for 2 Factor Authentication and a few more interesting things in this domain. You can read more about Authy and Twilio on their website.

login to Authy with email and password or via signing in with Twilio
login to Authy with email and password or via signing in with Twilio
Enter Authy token
Enter Authy token
  1. Click on “+ New Application” link at the bottom of the navigation panel.
  2. This will open up a dialog box. Let’s call our application “test-app”.
  3. This will take you to the API tutorial page. You can either start learning about how the Authy API works or go to your application dashboard. For the scope of this post, let’s go to the dashboard.
  4. Here you can see two keys — (a) API key for Production and (b) API key for Testing. For playing around and trying things out you can use the latter.
Authy API Keys
Authy API Keys

2. Create a simple Node.js application

Let’s quickly create a simple Node.js application.

  • Create a folder called 2fa-app and go to that folder from the terminal.
  • Run npm init -y. This will create a Node.js application skeleton(mainly package.json file). The -y option will answer yes to all the questions on the terminal.
create a simple node.js application
create a simple node.js application
  • Run npm install express body-parser authy — save command to install express, body-parser and authy. — save will save them to the package.json file.
Install dependencies
Install dependencies
  • Create a file from the terminal called app.js
create app.js
create app.js
  • Add following code to app.js
var express = require('express');
var app = express();
var router = express.Router();
var bodyParser = require('body-parser');

var port = process.env.PORT || 8080;
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());

app.use('/api', router);

router.get('/', function(req, res) {
res.json({ message: 'Hey there!' });
});

app.listen(port);
console.log('Server started on port - ' + port);
run app.js
api is up and running
api is up and running
  • Hurray! Now you have a node application is running with a simple API.

3. Create registration API

Add following code to app.js to create registration api. Replace ‘your-auth-key’ with the the API key we created in step #1.

var authy = require('authy')('your-auth-key');
router.get('/register', function(req, res) {
console.log('New register request...');
var isSuccessful = false;

var email = req.param('email');
var phone = req.param('phone');
var countryCode = req.param('countryCode');
authy.register_user(email, phone, countryCode, function (regErr, regRes) {
console.log('In Registration...');
if (regErr) {
console.log(regErr);
res.send('There was some error registering the user.');
} else if (regRes) {
console.log(regRes);
authy.request_sms(regRes.user.id, function (smsErr, smsRes) {
console.log('Requesting SMS...');
if (smsErr) {
console.log(smsErr);
res.send('There was some error sending OTP to cell phone.');
} else if (smsRes) {
console.log(smsRes);
res.send('OTP Sent to the cell phone.');
}
});
}
});
});

4. Create verification API

The registration API sent you an OTP on your registered cell phone number. Now it’s time to verify the OTP. Let’s create an API for verification. Add following code to your app.js -

router.get('/verify', function(req, res) {
console.log('New verify request...');
var id = req.param('id');
var token = req.param('token');

authy.verify(id, token, function (verifyErr, verifyRes) {
console.log('In Verification...');
if (verifyErr) {
console.log(verifyErr);
res.send('OTP verification failed.');
} else if (verifyRes) {
console.log(verifyRes);
res.send('OTP Verified.');
}
})
});
registered users on Authy

--

--

I am a Software Engineer from India and working in Berlin, Germany. I write about technology, my experiences in Germany, travel in Europe.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rishikesh Dhokare

I am a Software Engineer from India and working in Berlin, Germany. I write about technology, my experiences in Germany, travel in Europe.