Authy文档Auth-Key和QR码 [英] Authy documentation Auth-Key and QR code

问题描述

我正在尝试通过authy实施2FA，并使用 authy php 库和authy API密钥将用户添加到身份验证中，以便用户可以扫描QR码并在手机中获取我的应用程序身份验证.

Im trying to implement 2FA with authy and using authy php library and authy API key to add users to authy, so that user can scan the QR code nd get my app authentication in phone.

我做了图书馆github页面中提到的文档.用户数据已成功保存，但是我正在获取一些随机数字密钥(由authy为用户生成)存储在数据库中，如果我在应用中输入该密钥，则会显示秘密密钥无效错误，请查看下面的屏幕截图

I did documentation as mentioned in that library github page. User data is saving successfully but im getting some random numeric secret key (which is generated for user by authy) secret to store in database, if i enter that secret in app it is showing secret key is invalid error, Checkout the screenshots below

我们需要输入类似这样的密码，但是如果我手动输入该应用程序显示如下屏幕截图所示的错误，我将获得数字密码

We need to enter secret something like this but im getting numeric secret, if i enter that manually app is showing error like below screenshot

文档如下所示

require_once dirname(__DIR__) . '/extra/Authy/vendor/autoload.php';
$authy_api = new Authy\AuthyApi('MY_API_KEY');
$user = $authy_api->registerUser('email@gmail.com', '9999999999', 91); // (email, phone number, country code)
if($user->ok()){
echo json_encode($user->id());
}else{
foreach($user->errors() as $field => $message) {
printf("$field = $message");
}
}

另一个问题是我如何生成Authy可以理解的QR码?我已经搜索了一些，但没有任何解决方案.请帮助我.

and another problem is how can i generate QR code which Authy can understand? I've searched for some and i didn't get any solutions. please help me.

推荐答案

此处是Twilio/Authy开发人员的福音.

Twilio/Authy developer evangelist here.

我必须道歉，我们这里的文档已经落后了一点.我会尽力帮助.

I must apologise, our documentation here has gotten a bit behind. I'll try to help.

首先，我建议您浏览第二，让我与Authy一起说明您的工作过程.

Second, let me explain the process with Authy with regards to how far you've got.

您已经正确设置了API和凭据，然后使用对$authy_api->registerUser的调用注册了用户.您从该响应中获得的用户ID不应与任何人共享.它是您在Authy数据库中对用户的引用.您应该在注册用户时将该ID存储起来，并在需要发送代码或验证代码的任何时候使用该ID.

You've set up the API and credentials correctly and then you have registered a user using the call to $authy_api->registerUser. The user ID that you got back from that response should not be shared with anyone. It is your reference to your user in the Authy database. You should store that ID against the user that is signing up and use that ID any time you need to send codes or verify codes.

您也不需要使用QR码与用户共享任何内容.要开始两因素身份验证过程，您现在需要调用:

You don't need to use QR codes to share anything with the user either. To start the two factor authentication process you now need to call:

$authy_api->requestSMS($userID);

以您在API中获得的ID作为此代码中的$usedID.

With the ID that you got back from the API as the $usedID in this code.

方法调用表明它将发送一条SMS，但这只是一点点遗留.

The method call suggests that it's going to send an SMS, however that's just a bit of legacy.

• 如果您的用户已经安装了Authy移动应用程序并登录并使用其电话号码对其进行了验证，则Authy将使用其发送给您的代码向该应用程序发送推送通知.您的应用程序将出现在Authy应用程序中，而无需用户执行任何操作(尤其是扫描QR码).
• 如果用户未安装Authy应用，则Authy将向他们发送一条包含该代码的SMS消息.如果要避免发送SMS消息，则需要鼓励用户安装Authy应用.

最后，一旦用户在您的网站上输入代码，您应该调用验证令牌:

Finally, once the user enters the code on your site you should call to verify the token:

$authy_api->verifyToken($userID, $token);

在这种情况下，$userID是您最初从registerUser调用中获取的ID，并且已保存到您的用户. $token是他们从应用程序或SMS输入的代码.

In this case, the $userID is that ID you got back from the registerUser call initially and that you saved to your user. The $token is the code they enter from the app or the SMS.

请告诉我是否有帮助，或者您还有其他疑问.

Please let me know if that helps or if you have any other questions.

这篇关于Authy文档Auth-Key和QR码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！