Contents

Decoupled Drupal with 2FA | Configure 2FA with Headless/ Decoupled Drupal

Secure your Headless/Decoupled Drupal with a robust Two Factor Authentication (2FA) using our Drupal Two Factor Authentication - 2FA / Passwordless Login. This guide will help you to configure Two-Factor Authentication (2FA / MFA) for your Headless Drupal site.
Drupal 2FA module will add a second layer of authentication to your Drupal account to increase the security of your site from unwanted hacks and unauthorized login attempts. This module is compatible with all Drupal 7, 8 and Drupal 9 sites.
If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Two Factor Authentication - 2FA / Passwordless Login module.

Features and Pricing

Know more about Drupal Two Factor Authentication - 2FA / Passwordless Login module from here.

Pre-requisites: Download

You can download the Drupal Two Factor Authentication - 2FA / Passwordless Login module from here.

Steps to configure 2FA method with Headless Drupal using Two Factor Authentication - 2FA / Passwordless Login module:

1. Install miniOrange 2FA module

1.1. Using Composer:

For Windows:
```
composer require drupal/miniorange_2fa
```

For Linux:

composer require 'drupal/miniorange_2fa'

Go to Drupal site and run the update script using this URL
```
{BaseURL}/update.php
```
Navigate to the Extend -> Search for miniOrange Second Factor Authentication -> Select the module -> Click on the Install button.

You can configure the module at

{BaseURL}/admin/config/people/miniorange_2fa/customer_setup

1.2. Using Drush:

Download the module:
```
drush dl miniorange_2fa
```
Install the module:
```
drush en miniorange_2fa
```
Clear the cache:
```
 drush cr
```

Configure the module at

{BaseURL}/admin/config/people/miniorange_2fa/customer_setup

1.3. Manual installation:

Navigate to Extend menu on your Drupal admin console and click on Install new module.
Install the Drupal Two Factor Authentication - 2FA / Passwordless Login module either by downloading the zip or from the URL of the package (tar/zip).
Click on Enable newly added modules.
Enable this module by checking the checkbox and click on Install button.

Configure the module at

{BaseURL}/admin/config/people/miniorange_2fa/customer_setup

2. Setup Drupal as Headless 2FA

Navigate to the Headless 2FA Setup tab.
Click on Enable Headless Two-Factor checkbox to activate the Headless/Decoupled 2FA service.

Drupal Headless 2FA - Enable headless 2FA

Select the authentication method of your choice from 2FA method dropdown.

Enter the Machine Name of the phone number field. You can click the link in Note to check available fields on your Drupal site.

Click on the Save Settings button.

3. Steps to integrate Headless/ Decoupled 2FA:

Minimum requirement for integrating 2FA with Drupal :

Login page : Having Username and Password fields
OTP Page: Having OTP fields

3.1 Authenticate users by sending Username and Password

The first step is to authenticate users by sending Username and Password to our /headless/authenticate endpoint (API) so they can authenticate against the Drupal database. Once the user is authenticated successfully, OTP will be sent to registered mobile/email (depending on the configuration).

API: POST {drupal-base-URL}/headless/authenticate.
What you will send:
{"username":"xxxxx","password":"xxxxx","apiKey":"xxxxx"}
If successful, you will receive back the following response:
{"username":"xxxxx","status":"SUCCESS","message":"xxxxx","transactionID":"xxxxx","authType":"xxxxx"}

With the following parameters:

PARAMETER	TYPE	REQUIRED?	DESCRIPTION
username	string	required	Entered by the user on the login form.
password	string	required	Entered by the user on the login form.
apiKey	string	required	Send the apiKey provided in the module.

3.2 Validate the user by sending OTP

The second step is to validate the user by sending OTP (One time passcode) to our /headless/login endpoint (API).

API: POST {drupal-base-URL}/headless/login
What you will send:
{"username":"xxxxx","transactionID":"xxxxx","authType":"xxxxx","otp":"xxxxx","apiKey":"xxxxx"}
If successful, you will receive back the following response:
{"username":"xxxxx","status":"SUCCESS","message":"xxxxx","userprofile":"xxxxx"}

With the following parameters:

PARAMETER	TYPE	REQUIRED?	DESCRIPTION
username	string	required	You will get this in response to the first API call.
transactionID	string	required	You will get this in response to the first API call.
authType	string	required	You will get this in response to the first API call.
otp	string	required	You will get this in response to the first API call.
apiKey	string	required	Send the apiKey provided in the module.

3.3 POSSIBLE ERRORS

ERROR CODE	DESCRIPTION
400 Authentication Failed	API Authentication Failed
404 Not Found	Headless 2FA setting is not enabled. Please enable the same under the Headless 2FA Setup tab of the module.
401 Unauthorized	User has entered invalid credentials (username/password)
403 Forbidden	User has entered the incorrect OTP (One time passcode)
500 Internal Server Error	You will get 500 Internal Server Error due to various reasons, please check Drupal logs for more details.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal Two Factor Authentication - 2FA / Passwordless Login module.

Our Other modules

SAML SP | SAML IDP | 2FA/Passwordless Login | OAuth/OIDC Client | LDAP/AD Login | OAuth Server | Decoupled/Headless Authentication | OTP Verification | Website Security | Rest API Authentication | SCIM User Provisioning

Contents