GitHub user iamprakashrathod closed a discussion: Added TOTP(Time based OTP) authentication for login
Currently, Apache Superset supports basic username/password login and external authentication providers. However, it lacks native support for TOTP (Time-based One-Time Password) 2FA using apps like Google Authenticator or Authy. Implementing TOTP support would significantly enhance login security, especially for teams running Superset in production environments without centralized authentication systems (e.g., LDAP, OAuth, SSO).

### **Proposed Solution**

* Extend `AuthDBView` and `AuthLDAPView` to:
  * Create a new column `totp_secret` in the `ab_user` table, generate a TOTP secret for new users and store it in `totp_secret`.
  * Show a QR code for enrollment (e.g., in `/totp-enroll`) that the user can scan with any authenticator app (e.g. Google or Microsoft phone apps).
  * Prompt for the OTP on every login (in `/totp-verify`) before final authentication.
* Use libraries like `pyotp` and `qrcode` for OTP generation and QR rendering.

---

### **Benefits**

* Improved security via 2FA for native DB-based login (`AUTH_DB`) and LDAP-based login (`AUTH_LDAP`)
* Reduced risk of password-only authentication

GitHub link: https://github.com/apache/superset/discussions/33926

----

This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected]
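The enrollment and verification flow proposed above (a per-user secret stored at enrollment, a QR code carrying it to the authenticator app, and a six-digit code checked at login) is standard RFC 4226/6238 TOTP. The following is an added, stand-alone illustration written for this summary, not code from the Superset project or from the discussion author: it implements HOTP/TOTP with the standard library rather than `pyotp`, so the dynamic truncation, the time step and the drift window are visible, and builds the `otpauth://` URI that a `/totp-enroll` QR code would encode. Names such as `verify_totp` and `provisioning_uri`, and the issuer label `Superset`, are assumptions for the example; the test secret is the RFC 4226 reference key.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def generate_totp_secret(length: int = 20) -> str:
    """Fresh random secret, base32-encoded as authenticator apps expect (what would go in `totp_secret`)."""
    return base64.b32encode(secrets.token_bytes(length)).decode("ascii").rstrip("=")


def hotp(key: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def _decode_secret(secret_b32: str) -> bytes:
    # Re-add the base32 padding stripped from the stored secret.
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return base64.b32decode(padded)


def totp(secret_b32: str, timestamp=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(_decode_secret(secret_b32), int(timestamp) // step, digits)


def verify_totp(secret_b32: str, submitted: str, timestamp=None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Check a submitted code against the current step and +/- `window` steps of clock drift.

    Comparison is constant-time and every candidate step is checked, so timing does
    not reveal whether or where a match occurred.
    """
    if timestamp is None:
        timestamp = time.time()
    submitted = submitted.strip()
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return False
    key = _decode_secret(secret_b32)
    counter = int(timestamp) // step
    ok = False
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, counter + drift, digits), submitted):
            ok = True
    return ok


def provisioning_uri(secret_b32: str, username: str, issuer: str = "Superset") -> str:
    """Key Uri Format string that the enrollment QR code would encode (assumed issuer label)."""
    label = quote(f"{issuer}:{username}")
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    # Constructed enrollment: a new secret, the URI the QR code would carry, and the current code.
    secret = generate_totp_secret()
    print(provisioning_uri(secret, "alice"))
    code = totp(secret)
    print(code, verify_totp(secret, code))
```

A production `/totp-verify` handler should additionally record the last accepted counter for the user and refuse an equal or older one, so a code observed once cannot be replayed inside the drift window, and should rate-limit attempts, since a six-digit code with a three-step window is only about a one-in-333,000 guess.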
