Wasp•10mo ago
donmackinnon

MFA Support

Is there a plan to add MFA support to auth flow, either via TOTP or other means?
6 Replies
kapa.ai•10mo ago
Hi @donmackinnon. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

----------------------

Yes, there are plans to add multi-factor authentication (MFA) support to Wasp's authentication flow in the future. According to the GitHub issue Add support for multi-factor auth to authentication (https://github.com/wasp-lang/wasp/issues/1476), the Wasp team is considering adding MFA features, particularly for their email/password and username/password authentication methods.

Currently, Wasp supports different auth providers like Google and GitHub, which offer MFA as part of their auth process. However, for Wasp's own email/pass or username/pass authentication, MFA options are not yet available.

The team is still in the planning stages for this feature, and they are considering various approaches:

1. They might add MFA to email/pass and user/pass authentication methods.
2. They are exploring the possibility of using existing solutions rather than implementing MFA from scratch.
3. The exact methods of MFA to be implemented are still under consideration.

It's worth noting that this feature is not currently a top priority for the Wasp team. They are planning to address it as they approach version 1.0 of Wasp.

While there's no specific timeline provided, the team is open to community input and contributions on this feature. However, they've mentioned that it might be challenging for newcomers to implement, so they're encouraging beginners to start with simpler issues labeled as "good first issue" instead.

----------------------

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

----------------------

Sorry @donmackinnon, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist: Perhaps try again in 15 mins?
miho•10mo ago
It's an open issue for us, tracking it here: https://github.com/wasp-lang/wasp/issues/1476
donmackinnonOP•2mo ago
I raised this up back in November and I know that feature request has been out there since 2023. Can you share if it is something that will be coming up on the Wasp roadmap anytime soon? For any company wanting to use Wasp in a SOC2 compliant organization, MFA is going to be a requirement.
miho•2mo ago
We can't really give you an ETA on that feature, we're looking to reach Wasp 1.0 and auth is one of our topics that we'll work on in our roadmap: https://github.com/orgs/wasp-lang/projects/5

I'm not sure if MFA will make the cut, but we're still planning the exact tasks we'll tackle.

Have you tried implementing MFA yourself in the user land? We expose a lot of different auth hooks that might help you achieve what you need in the meantime: https://wasp.sh/docs/auth/auth-hooks

Do you have some ideal implementation in mind for MFA, to help us picture what you'd like to see in Wasp? 🙂
donmackinnonOP•2mo ago
We are probably going to start the work to add MFA to our Wasp application next week. Our needs would be to support email, SMS and authenticator apps. As of right now all of our users are email/pw users because that's the only auth mode we currently offer.
miho•2mo ago
Let us know if you need help with figuring that out, I'd love to help you get it working with Wasp 🙏
