two-factor-authentication

A plugin for Payload CMS that adds Two-Factor Authentication (2FA) capabilities to your admin panel.

Features

- Secure 2FA implementation using TOTP (Time-based One-Time Password)
- QR code generation for easy setup with authenticator apps
- Email notifications for 2FA events
- Trusted device management
- Seamless integration with Payload's authentication flow
- TypeScript support

Installation

``bash yarn add @digital-republic/two-factor-authentication

`or`


npm install @digital-republic/two-factor-authentication
pr

pnpm install @digital-republic/two-factor-authentication


Usage

`typescript import payloadTwoFactor from '@digital-republic/two-factor-authentication';

export default buildConfig({ plugins: [ payloadTwoFactor({ enabled: true, userCollection: { slug: 'users', // Your users collection slug }, emailHandler: { fromName: 'Your App', fromEmail: 'security@yourapp.com', subject: '2FA Authentication', }, otp: { issuer: 'Your App Name', } }), ], });`

`Options`

| Option | Type | Description | |--------|------|-------------| |enabled | boolean | Enable/disable the plugin. Defaults to false| |userCollection.slug | string | Collection slug for your users. Defaults to "users"| |emailHandler.fromName | string| Name to use in 2FA email notifications | |emailHandler.fromEmail | string| Email address to send notifications from | |emailHandler.subject | string| Subject line for 2FA emails | |emailHandler.template | string| Custom email template path | |otp.issuer | string| Name shown in authenticator apps | |otp.sessionExpires | number| 2FA session expiration time | |otp.trustedDeviceExpires | number` | Trusted device token expiration time |

License

MIT

or

npm install @digital-republic/two-factor-authentication

pr

pnpm install @digital-republic/two-factor-authentication

Usage

typescript
import payloadTwoFactor from '@digital-republic/two-factor-authentication';

export default buildConfig({
  plugins: [
    payloadTwoFactor({
      enabled: true,
      userCollection: {
        slug: 'users', // Your users collection slug
      },
      emailHandler: {
        fromName: 'Your App',
        fromEmail: 'security@yourapp.com',
        subject: '2FA Authentication',
      },
      otp: {
        issuer: 'Your App Name',
      }
    }),
  ],
});

Options

| Option | Type | Description |
|--------|------|-------------|
|

enabled | boolean | Enable/disable the plugin. Defaults to false

|
|

userCollection.slug | string | Collection slug for your users. Defaults to "users"

|
|

emailHandler.fromName | string

 | Name to use in 2FA email notifications |
|

emailHandler.fromEmail | string

 | Email address to send notifications from |
|

emailHandler.subject | string

 | Subject line for 2FA emails |
|

emailHandler.template | string

 | Custom email template path |
|

otp.issuer | string

 | Name shown in authenticator apps |
|

otp.sessionExpires | number

 | 2FA session expiration time |
|

otp.trustedDeviceExpires | number` | Trusted device token expiration time |