Change 2FA code lifetime
onamanzi opened this issue · comments
Hello
I started working with fortify and noticed that the code generated by the Google authenticator or another can be used multiple times in 1 minute even though the 2FA application generates a new one every 30 seconds.
Investigating a bit in the documentation of pragmarx/google2fa I've managed to change the code lifetime to 30 seconds through the window property, using $this->engine->setWindow(0);
directly in the function verify
in vendor/laravel/fortify/src/TwoFactorAuthenticationProvider.php
.
I've not been able to find information in the laravel documentation to help me modify the duration of the code from a provider configuration file, I am not sure how practical it is to implement something like this but it would be helpful to change the duration of the 2FA code.
Would probably need to be provided as a config option up front through a closure based instantiation here: https://github.com/laravel/fortify/blob/1.x/src/FortifyServiceProvider.php#L50
I think this is a valid suggestion. Welcoming PR's.