Is there still a Microsoft Authenticator dev API? How can I use it?
I don't know exactly if I should ask this question here, nor whether I'm using the right tags, but... I need to add 2FA to a system I'm developing and, while looking for the best available 2FA options, we thought about adding Microsoft Authenticator support to it (we liked Authy, Google Authenticator, etc., but we tend to prefer Microsoft solutions here). It seems there used to be a way of adding Microsoft's 2FA to our site, but is there a way to do it now in 2019? If so, is it free? (We have Microsoft developer accounts... If having them is the only paid requirement, we're OK.)
Solution 1:[1]
The Microsoft and Google Authenticators just implement the TOTP mechanism to provide a serverless (read: offline, you only need an accurate timestamp) one-time password mechanism. You can use any generic TOTP library to generate a user-specific shared secret, possibly encode it as a QR image for ease of configuration, and then validate whether a provided token matches the shared secret and was created in the last ±n seconds.
Solution 2:[2]
Microsoft Authenticator just implements the Time-based OTP mechanism (https://en.wikipedia.org/wiki/Time-based_One-Time_Password).
If you do not have Azure accounts, the Microsoft Authenticator can scan a QR code with the following embedded URL:
otpauth://totp/UserName?secret=Some-long-secret&digits=6&issuer=CompanyName
Once the Microsoft Authenticator has scanned this QR code, it will start showing you one-time passwords. On the server side, you can use a library like https://github.com/samdjstevens/java-totp. The library can be used to generate the secret or verify the OTPs generated by the Microsoft Authenticator.
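As an added example (not part of the original answers, and not code from any library named on this page), the mechanism Solutions 1 and 2 describe can be written with the Python standard library alone: secret generation, the otpauth:// URL for the QR code, and validation within ±`window` time steps. The function names are hypothetical; the 30-second step and HMAC-SHA1 are the RFC 6238 defaults that authenticator apps use.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote, urlencode

STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6     # matches digits=6 in the otpauth URL


def new_secret():
    """Random 160-bit shared secret, Base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def provisioning_uri(secret, account, issuer):
    """otpauth:// URL to render as a QR code for the app to scan."""
    query = urlencode({"secret": secret, "digits": DIGITS, "issuer": issuer})
    return f"otpauth://totp/{quote(account)}?{query}"


def totp(secret, at):
    """RFC 6238 code (HMAC-SHA1) for the time step containing `at`."""
    key = base64.b32decode(secret, casefold=True)
    counter = struct.pack(">Q", int(at) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret, code, at=None, window=1):
    """Accept codes from the current step and `window` steps either side."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret, now + drift * STEP)
        # Constant-time compare on bytes; no early exit, so timing reveals nothing.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok
```

Because everything runs locally, the shared secret is never sent to another service. In production, also record the last accepted time step per user so a code cannot be replayed within the window.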
Solution 3:[3]
You can get started here: https://github.com/BrandonPotter/GoogleAuthenticator. Although the library is called "Google Authenticator", it can also be used with Microsoft's Authenticator because they basically function the same way: TOTP.
Solution 4:[4]
Yes, a quick go-through:
1. Your users download the Microsoft Authenticator app: https://apps.apple.com/us/app/microsoft-authenticator/id983156458 or https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en&gl=US
2. You generate a "secret" code on behalf of your user:
   https://microsoft-authenticator.p.rapidapi.com/new/
   The server will return the secret code (e.g. "IH225HMVWDS3XJVY"). Keep the code, because you'll need it at steps 3 and 4.
3. You generate QR codes for your users via:
   https://microsoft-authenticator.p.rapidapi.com/enroll/?secret=IH225HMVWDS3XJVY&account=A123&issuer=HomeCorp
   Users scan the QR code using the Microsoft Authenticator app and temporary codes now get generated.
4. Now you can validate the codes via:
   https://microsoft-authenticator.p.rapidapi.com/validate/?secret=IH225HMVWDS3XJVY&code=425079
See full tutorial here https://rapidapi.com/chdan/api/microsoft-authenticator/tutorials/easy-two-factor-authentication-(2fa)-with-microsoft-authenticator.
Hope this helps.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Suchiman |
Solution 2 | Mohammad S. Dhedhi |
Solution 3 | Tony Cobb |
Solution 4 | Daniil Penegin |