
Minimal Implementation FastAPI for MFA (2FA) using pyotp and qrcode


agfianf/fastapi-2fa-minimal


Minimal Two Factor Authentication (2FA) in FastAPI 🚀

This repository contains a minimal implementation of enabling/disabling 2FA in a FastAPI application using PyOTP and qrcode.

Features

  • User Signup with Optional MFA
    Register a new user with the option to enable MFA. When enabled, the server generates a secret and provisioning URI, and the user can scan the QR code to configure their authenticator app.

    [Illustration: sign-up workflow with the authenticator app]

  • Login with 2FA
    After providing valid credentials, if MFA is enabled the user is prompted for an OTP generated by their authenticator app.

  • Disable MFA
    Users can disable MFA by verifying their password and an OTP. After disabling, they must manually remove the account from their authenticator app.

For a description of how the flows work, see workflows.md.

Installation

  1. Clone the repository:
    git clone https://github.com/agfianf/fastapi-2fa-minimal
    cd fastapi-2fa-minimal
  2. Install the dependencies:
    • via pip (create the virtual environment first):
      python -m venv .venv
      source .venv/bin/activate
      pip install -r requirements.txt
    • or via uv (creates .venv for you):
      uv sync
      source .venv/bin/activate
  3. Run the application:
    cd app
    python main.py

Usage 📲

  • Signup with MFA:

    Send a POST request to /signup with:

    {
        "username": "your_username",
        "password": "your_password",
        "enable_mfa": true
    }

    Retrieve the provisioning URI from the response. Optionally, access /qrcode/your_username to view the QR code image.

  • Login with MFA:

    Use /login to verify your username and password. If MFA is enabled, follow up with a POST request to /login-2fa by providing your OTP.

  • Disable MFA:

    Send a POST request to /disable-mfa with:

    {
        "username": "your_username",
        "password": "your_password",
        "token": "your_current_OTP"
    }

    After receiving a success response for MFA disablement, manually remove the account from your authenticator app.
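To make the TOTP mechanics behind these three endpoints concrete, here is an added stand-alone example that is not code from this repository: it implements RFC 6238 TOTP with the Python standard library instead of pyotp, builds the otpauth provisioning URI that the QR code encodes, verifies an OTP with a one-step clock-skew window, and mirrors the /signup and /disable-mfa checks against an in-memory user record. The function names, the issuer string and the user record layout are assumptions made for the example.

```python
import base64, hashlib, hmac, secrets, struct, time
from typing import Optional
from urllib.parse import quote

STEP, DIGITS = 30, 6  # the defaults authenticator apps assume when the URI omits them

def provisioning_uri(secret: str, username: str, issuer: str = "fastapi-2fa-minimal") -> str:
    """otpauth:// URI that the QR code encodes; the app derives every later code from it."""
    return (f"otpauth://totp/{quote(issuer + ':' + username)}?secret={secret}"
            f"&issuer={quote(issuer)}&algorithm=SHA1&digits={DIGITS}&period={STEP}")

def hotp(secret: str, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(secret: str, at: Optional[int] = None) -> str:
    """RFC 6238: HOTP with counter = Unix time // STEP (the code the authenticator app shows)."""
    return hotp(secret, (int(time.time()) if at is None else at) // STEP)

def verify_totp(secret: str, token: str, at: Optional[int] = None, window: int = 1) -> bool:
    """Server side: accept the current step +/- window (clock skew), compare in constant time."""
    counter = (int(time.time()) if at is None else at) // STEP
    return any(hmac.compare_digest(hotp(secret, counter + d).encode(), token.strip().encode())
               for d in range(-window, window + 1))

def signup(username: str, password: str, enable_mfa: bool) -> dict:
    """Mirror of /signup as an in-memory record (assumed layout): hashed password, secret only if MFA is on."""
    salt = secrets.token_bytes(16)
    secret = base64.b32encode(secrets.token_bytes(20)).decode() if enable_mfa else None
    return {"username": username, "salt": salt, "mfa_enabled": enable_mfa, "secret": secret,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
            "uri": provisioning_uri(secret, username) if enable_mfa else None}

def disable_mfa(user: dict, password: str, token: str, at: Optional[int] = None) -> bool:
    """Mirror of /disable-mfa: password AND a fresh OTP must both check out, otherwise nothing changes."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    if not (hmac.compare_digest(digest, user["pw_hash"]) and user["mfa_enabled"]
            and verify_totp(user["secret"], token, at)):
        return False
    user["mfa_enabled"], user["secret"] = False, None  # the authenticator-app entry still has to be removed by hand
    return True

# Secret from RFC 6238 Appendix B (ASCII "12345678901234567890"), for checking against its published vectors
RFC6238_TEST_SECRET = base64.b32encode(b"12345678901234567890").decode()
```

With the RFC 6238 test secret, totp(RFC6238_TEST_SECRET, 59) yields the published 6-digit value 287082, which is a quick way to confirm the server and an authenticator app will agree.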

[Screenshot: Swagger API documentation]
