Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

iamamirsalehi's avatar

Google authenticator does not work in API

Hi there, I have the code below:

 public function enable2fa(EnableRequest $request)
    {
        $validated_data = $request->validated();

        $user = auth()->user();
        $google2fa = (new \PragmaRX\Google2FAQRCode\Google2FA());

        $secret = $validated_data['secret'];

        $valid = $google2fa->verifyKey($user->passwordSecurity->google2fa_secret, $secret);

        if (!$valid) {
            Log::action([
                'type' => 'warning',
                'user_id' => $user->id,
                'method_address' => 'App\Http\Controllers\API\V1\GoogleAuthenticator\GoogleAuthenticatorController::enable2fa',
                'action' => 'the entered validation number are wrong and google authenticator is not enabled',
            ]);

            return Response::send(401, 'wrong code');
        }

        $this->passwordSecurityRepository->updateBy([
            'user_id' => $user->id,
        ], [
            'google2fa_enable' => 1,
        ]);

        Log::action([
            'type' => 'info',
            'user_id' => $user->id,
            'method_address' => 'App\Http\Controllers\API\V1\GoogleAuthenticator\GoogleAuthenticatorController::enable2fa',
            'action' => 'google authenticator is now enabled for the user',
        ]);

        return Response::send(200, 'google authenticator is enabled');
    }

the code above works when I send a request from the form but when I want to use it in API it actually does not work and does verify the sent secret code

I'm using the "pragmarx/google2fa-laravel": "^1.4", package

0 likes
0 replies

Please or to participate in this conversation.