Document how to bypass 2FA entirely in a given context

scheb · Apr 16, 2021 · 64c134d · 64c134d
1 parent 3dd41a6
commit 64c134d
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/doc/custom_conditions.md b/doc/custom_conditions.md
@@ -27,3 +27,27 @@ Register it as a service and configure the service name:
 scheb_two_factor:
     two_factor_condition: acme.custom_two_factor_condition
 ```
+
+Bypassing Two-Factor Authentication
+===================================
+
+If you simply wish to bypass 2FA in a given Authenticator context, setting the 
+`TwoFactorAuthenticator::FLAG_2FA_COMPLETE` attribute on the token will achieve this.
+
+For example, if you are building a [custom Authenticator](https://symfony.com/doc/5.2/security/experimental_authenticators.html#creating-a-custom-authenticator)
+this would bypass 2FA when the authenticator is used:
+
+```php
+class MyAuthenticator extends AbstractAuthenticator
+{
+    public function createAuthenticatedToken(PassportInterface $passport, string $firewallName): TokenInterface
+    {
+        $token = parent::createAuthenticatedToken($passport, $firewallName);
+        $token->setAttribute(TwoFactorAuthenticator::FLAG_2FA_COMPLETE, true);
+
+        return $token;
+    }
+    
+    // ...
+}
+```