Vaadin login dialog and 2FA

Does anyone have a good example for Vaadin login with 2FA (preference is SMS as a start)?

I know that this could be a Spring Boot question, but I want to do it with Vaadin Flow, so I asked here first.

You won’t find a lot of examples because it’s discouraged to build your own authentication system and instead go with something on the market like Keycloak, Auth0 or other providers.

@poised-leopard !!! You know what you should do :wink:

Hmm, yes… I actually don’t have a good example for that, I just have a not-production-ready one for WebAuthn based MFA, and an old TOTP example that is not Spring.

If it’s a possibility for you, I’d look at SSO Kit and (as @quirky-zebra said) set up Keycloak or other IdP to handle auth.
I realize this might not be the answer you’re looking for.

Lastly, I feel I should also mention that SMS is not usually recommended, e.g. CISA says “This form of MFA should only be used as a last resort MFA option. However, it can serve as a temporary solution while organizations transition to a stronger MFA implementation.” Again, I understand it might have to start there anyway.

Interesting that SMS is considered that way. I tend to use it pretty much everywhere, if possible. As an end user, I have the least issues with that solution :sunglasses:

Wanna share your mobile number with me? :smirk: Let’s say… people have some ways to “steal” your SMS :kissing:

Yes, SMS is insecure. The weak point is the operator - usually, the clerk at the phone shop who can be convinced that “you got your phone and wallet stolen, so you don’t have any ID, but you need to take this extremely important call that’s coming to your number”.