Authy – 2FA by One Touch

Hi, welcome back. 🙂

This blog is a part of a blog series on Authy. I suggest you go through previous blogs of the series.

* Authy Two Factor Authentication in Grails with spring security core Part-1 (Configuration)

* Authy Two Factor Authentication in Grails with spring security core Part-2 (2FA by SMS)

* Authy Two Factor Authentication in Grails with spring security core Part-3 (2FA by Phone Call)

In this blog, we are going to see how to do 2FA (two-factor authentication) verification of a user with Authy's One Touch approval request facility.

One Touch

When you use the SMS or phone call facility in your application for 2FA, you have to create an extra view for the user to enter the security code. One Touch is a facility where the user gets a notification on the Authy mobile application and the Authy browser application to approve or decline the approval request. Once the user approves or declines the approval request, your application gets a notification. You have to provide a callback URL on the Authy site to receive this notification.

Step1 — Configurations

Do all configurations mentioned in my previous blog.

Step2 — Register a user

While registering a user on your application, register the user on Authy as well, so that Authy can send the One Touch approval request.
Use the com.authy.api.Users.createUser() method to register the user on Authy. This method takes 3 arguments: email address, phone number and country code.

AuthyApiClient authyClient = new AuthyApiClient("YOUR_API_KEY")
User authyUser = authyClient.getUsers().createUser(email, phoneNumber, countryCode)

Use the authyUser.isOk() method to check whether the user was created successfully on Authy.
If authyUser.isOk() returns true, the user was created successfully. Use authyUser.getId() to get the Authy user id and save it in your local database (you will need it to send the approval request).
If authyUser.isOk() returns false, something went wrong on Authy. You can get the error using authyUser.getError().

Step3 — Send one touch approval request

Now you have successfully registered the user on your site and on Authy. Whenever the user tries to log in to the application, first ask for their email address and password as usual. If the user is successfully validated by Spring Security, send a One Touch approval request to the user. Use the following code to send the request.

AuthyApiClient authyClient = new AuthyApiClient("API_KEY")
// Describe the approval request, then build the params object from the builder
ApprovalRequestParams approvalRequestParams = new ApprovalRequestParams.Builder(user.authyUserId, "Authorize OneTouch Test")
        .addDetail("username", user.username)
        .addLogo(ApprovalRequestParams.Resolution.Default, "")
        .build()
OneTouchResponse response = authyClient.getOneTouch().sendApprovalRequest(approvalRequestParams)
// The uuid identifies this approval request
String uuid = response.getApprovalRequest().getUUID()

Save this uuid somewhere, because you need it to check the status of the One Touch approval request when you get the callback from Authy.

Step4 — Check one touch approval request status

The following code gets the status of the One Touch approval request.

AuthyApiClient authyClient = new AuthyApiClient("API_KEY")
OneTouch oneTouch = authyClient.getOneTouch()
// Look up the request by the uuid saved in Step3
OneTouchResponse response = oneTouch.getApprovalRequestStatus(uuid)
OneTouchResponse.ApprovalRequest approvalRequest = response.getApprovalRequest()
approvalRequest.getStatus() // "approved", "denied" or "pending"

If the status is “approved” then allow the user to access the site and if the status is “denied” then take appropriate action.
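
The uuid bookkeeping from Step3 and Step4, as an added example that is not part of the original post or of the Authy library: it ties each uuid to the login waiting on it and, when the callback arrives, decides the outcome from the status fetched by uuid. The class names, the two-minute window and the fetchStatus closure (a stand-in for getApprovalRequestStatus) are assumptions.

```groovy
import java.util.concurrent.ConcurrentHashMap

// Added example, not from the original post. All names here are hypothetical.
class PendingLogin {
    String username
    long createdAtMillis
}

class OneTouchLoginGate {
    static final long MAX_AGE_MILLIS = 2 * 60 * 1000L   // assumed approval window
    private final Map<String, PendingLogin> pending = new ConcurrentHashMap<>()
    private final Closure<String> fetchStatus           // uuid -> status string

    OneTouchLoginGate(Closure<String> fetchStatus) { this.fetchStatus = fetchStatus }

    // Step3: call after the password check passed and the approval request was sent.
    void remember(String uuid, String username, long now = System.currentTimeMillis()) {
        pending.put(uuid, new PendingLogin(username: username, createdAtMillis: now))
    }

    // Step4: call from the callback action. Returns the username to log in, or null.
    String resolve(String uuid, long now = System.currentTimeMillis()) {
        PendingLogin login = uuid ? pending.get(uuid) : null
        if (login == null) return null                       // unknown or already used uuid
        if (now - login.createdAtMillis > MAX_AGE_MILLIS) {  // stale request: drop it
            pending.remove(uuid)
            return null
        }
        String status = fetchStatus.call(uuid)               // status comes from Authy, not the callback body
        if (status == 'pending') return null                 // keep waiting
        if (!pending.remove(uuid, login)) return null        // another callback already consumed it
        return status == 'approved' ? login.username : null  // anything but "approved" is refused
    }
}

// Constructed sample data; the closure stands in for getApprovalRequestStatus(uuid).
def statuses = ['uuid-1': 'approved', 'uuid-2': 'denied', 'uuid-3': 'pending']
def gate = new OneTouchLoginGate({ String id -> statuses[id] })
statuses.keySet().each { gate.remember(it, "user-for-$it", 0L) }

assert gate.resolve('uuid-1', 1000L) == 'user-for-uuid-1'
assert gate.resolve('uuid-1', 1000L) == null            // replayed callback
assert gate.resolve('uuid-2', 1000L) == null            // denied
assert gate.resolve('uuid-3', 1000L) == null            // still pending
assert gate.resolve('uuid-3', 10 * 60 * 1000L) == null  // expired
assert gate.resolve('made-up', 1000L) == null           // uuid we never issued
```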

That’s it.

I have created a sample application, AuthyDemo, using this. I have also deployed the demo application on Heroku. Have a look, and if you have any issue or question, let us know. 🙂