1. First create a secret and associate it with a user
  2. Next create a QR code and let the user scan it:

    ...or display the secret to the user for manual entry: SWJA 2P6B NMVZ Z7WR OGSB Z7MI 7GUD XMZO
  3. Next, have the user verify the code; at this time the code displayed by a 2FA-app would be: 857259 (but that changes periodically)
  4. When the code checks out, 2FA can be / is enabled; store (encrypted?) secret with user and have the user verify a code each time a new session is started.
  5. When aforementioned code (857259) was entered, the result would be: OK

Note: Make sure your server-time is NTP-synced! Depending on the $discrepancy allowed your time cannot drift too much from the users' time!


Fatal error: Uncaught Error: Call to undefined function RobThree\Auth\Providers\Time\socket_create() in /home/app/htdocs/leantime/vendor/robthree/twofactorauth/lib/Providers/Time/NTPTimeProvider.php:30 Stack trace: #0 /home/app/htdocs/leantime/vendor/robthree/twofactorauth/lib/TwoFactorAuth.php(157): RobThree\Auth\Providers\Time\NTPTimeProvider->getTime() #1 /home/app/htdocs/leantime/vendor/robthree/twofactorauth/demo/demo.php(28): RobThree\Auth\TwoFactorAuth->ensureCorrectTime() #2 {main} thrown in /home/app/htdocs/leantime/vendor/robthree/twofactorauth/lib/Providers/Time/NTPTimeProvider.php on line 30