Releases: scheb/2fa
v6.11.0
The window config option is deprecated and will be removed in bundle version 7. Please use the new option leeway instead.
See the configuration reference for details.
Background: The options scheb_two_factor.google.window and scheb_two_factor.totp.window behave differently, depending on the version of Spomky-Labs/otphp used:
- With Spomky-Labs/otphp v10: How many codes before/after the current one would be accepted
- With Spomky-Labs/otphp v11: Acceptable time drift in seconds
To address this confusing, ambiguous behavior (#201), the new config option leeway is introduced, which is only allowed in conjunction with Spomky-Labs/otphp v11.
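The two readings of the same number, side by side, as an added example: a self-contained RFC 6238 model in Python, not code from the bundle or from Spomky-Labs/otphp. The function names, the 30-second period, the sample secret and the timestamps are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

PERIOD = 30                          # assumed step length in seconds
SECRET = b"constructed-demo-secret"  # constructed sample key, not a real one


def totp(secret, t, digits=6, period=PERIOD):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // period), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_as_code_count(secret, code, now, window):
    """The number read as 'N codes before/after the current one'."""
    return any(hmac.compare_digest(totp(secret, now + i * PERIOD), code)
               for i in range(-window, window + 1))


def verify_as_drift_seconds(secret, code, now, leeway):
    """The same number read as 'acceptable time drift in seconds'."""
    first, last = (now - leeway) // PERIOD, (now + leeway) // PERIOD
    return any(hmac.compare_digest(totp(secret, step * PERIOD), code)
               for step in range(first, last + 1))


def compare(value, now, code_time):
    """Return (accepted as code count, accepted as drift seconds)."""
    code = totp(SECRET, code_time)
    return (verify_as_code_count(SECRET, code, now, value),
            verify_as_drift_seconds(SECRET, code, now, value))


if __name__ == "__main__":
    boundary = 1_700_000_010           # constructed time, a multiple of PERIOD
    mid_step = boundary + 15
    # A code from the previous step, checked 15 s into the current step:
    print(compare(1, mid_step, mid_step - PERIOD))
    # The same code checked exactly at the step boundary:
    print(compare(1, boundary, boundary - 1))
```

With the value 1, the code-count reading accepts a code from the previous step at any point in the current step, while the seconds reading accepts it only within one second of the step boundary.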
v6.10.0
v6.9.0
- Add Turkish translations, thanks to @umut-ramazan
v6.8.0
v6.7.0
v6.6.0
v6.5.0
v6.4.0
v6.3.0
A configuration option scheb_two_factor.trusted_device.key was added to configure an encryption key for the trusted device token. Before, it was hard-coded to use the application's kernel.secret. This is still the case if you don't set a value for scheb_two_factor.trusted_device.key.
Background:
If you're using lcobucci/jwt version 4.2 or higher, a 256-bit key is required for the trusted device token. If your kernel.secret isn't long enough, you'll run into problems. In that case, you have the option to configure a scheb_two_factor.trusted_device.key value with sufficient length, if you don't want to change the kernel.secret value for your entire application (which may have unforeseen consequences for your application). Warning: This will invalidate all trusted device tokens for your users.
Thanks to @lcobucci for suggesting the approach in #158 and doing the majority of work :)