Two factor authentication

Tinyauth has built-in support for TOTP, enabling the use of authenticator apps to generate 2FA codes for logging in.

Generating the Secret

A TOTP secret must first be generated. This requires the current username:hash. Use the Tinyauth CLI to create the new user:

Docker

docker run -i -t --rm ghcr.io/steveiliop56/tinyauth:v5 totp generate --interactive

The command prompts for the user and generates a QR code to scan with an authenticator app. Once added, copy the newly generated user (displayed after the user= log message) and include it in the Tinyauth user list. Restart Tinyauth to apply changes.

Note

Due to the way the QR code library works in Tinyauth, the QR code may be massive and may not fit on a standard screen. If this happens, you can try resizing your terminal window or using a different terminal emulator.

Binary

./tinyauth totp generate --interactive

The command prompts for the user and generates a QR code to scan with an authenticator app. Once added, copy the newly generated user (displayed after the user= log message) and include it in the Tinyauth user list. Restart Tinyauth to apply changes.

Note

Due to the way the QR code library works in Tinyauth, the QR code may be massive and may not fit on a standard screen. If this happens, you can try resizing your terminal window or using a different terminal emulator.

Browser

Current user (e.g. admin:$2a$10$...)

Generate TOTP

Copy the updated user string and include it in the Tinyauth user list. Restart Tinyauth to apply changes. From this point, logging in will require a TOTP code.

Verifying the User

If you want to ensure that the user is configured correctly, you can use the following command:

Docker

docker run -i -t --rm ghcr.io/steveiliop56/tinyauth:v5 user verify --interactive

Binary

./tinyauth user verify --interactive

The command prompts for the username:hash:totp, username, password, and a TOTP code from the authenticator app. If successful, a user verified message is displayed.