Two factor authentication

Tinyauth has built-in support for TOTP, enabling the use of authenticator apps to generate 2FA codes for logging in.

Generating the Secret

A TOTP secret must first be generated. This requires the current username:hash. Use the Tinyauth CLI to create the new user:

Docker

docker run -i -t --rm ghcr.io/steveiliop56/tinyauth:v5 totp generate --interactive

Binary

./tinyauth totp generate --interactive

The command prompts for the user and generates a QR code to scan with an authenticator app. Once added, copy the newly generated user (displayed after the user= log message) and include it in the Tinyauth user list. Restart Tinyauth to apply changes. From this point, logging in will require a TOTP code.

Note

Due to the way the QR code library works in Tinyauth, the QR code may be massive and may not fit on a standard screen. If this happens, you can try resizing your terminal window or using a different terminal emulator.

Verifying the User

If you want to ensure that the user is configured correctly, you can use the following command:

Docker

docker run -i -t --rm ghcr.io/steveiliop56/tinyauth:v5 user verify --interactive

Binary

./tinyauth user verify --interactive

The command prompts for the username:hash:totp, username, password, and a TOTP code from the authenticator app. If successful, a user verified message is displayed.