Skip to content Skip to footer navigation
Light theme Dark theme

User-two_factor_challenge_form Tag

When a user with two-factor authentication enabled logs in, they need to verify their identity with a code from their authenticator app. This tag renders that verification form.

Overview#

The user:two_factor_challenge_form tag renders a form for users to complete the second step of two-factor authentication. After submitting valid credentials on the login form, users with 2FA enabled are redirected to this challenge form.

The tag will render the opening and closing <form> HTML elements for you. Users can verify their identity by entering either a code from their authenticator app or a recovery_code.

Hot Tip!

This form will only render content if there's a pending 2FA challenge in the session. If accessed without a pending challenge, the form contents won't be displayed.

A troll pointing a teaching stick

Example#

{{ user:two_factor_challenge_form redirect="/dashboard" }}



    {{ if errors }}

        <div class="bg-red-300 text-white p-2">

            {{ errors }}

                {{ value }}<br>

            {{ /errors }}

        </div>

    {{ /if }}



    <p>Enter the 6-digit code from your authenticator app:</p>

    <input type="text" name="code" inputmode="numeric" autocomplete="one-time-code" maxlength="6" />



    <p>Or use a recovery code:</p>

    <input type="text" name="recovery_code" />



    <button type="submit">Verify</button>



{{ /user:two_factor_challenge_form }}

<s:user:two_factor_challenge_form redirect="/dashboard">

    @if ($errors)

        <div class="bg-red-300 text-white p-2">

            @foreach ($errors as $error)

                {{ $error }}<br>

            @endforeach

        </div>

    @endif



    <p>Enter the 6-digit code from your authenticator app:</p>

    <input type="text" name="code" inputmode="numeric" autocomplete="one-time-code" maxlength="6" />



    <p>Or use a recovery code:</p>

    <input type="text" name="recovery_code" />



    <button type="submit">Verify</button>

</s:user:two_factor_challenge_form>

Redirect Behavior#

If you don't specify a redirect parameter, the form will use the redirect value from the original login form. This allows you to specify the redirect destination once on the login form and have it carry through the entire 2FA flow.

Parameters

redirect

string

Where the user should be taken after successful verification.

error_redirect

string

Where the user should be redirected on validation errors.

allow_request_redirect

boolean

When set to true, the redirect and error_redirect parameters will get overridden by redirect and error_redirect query parameters in the URL.

HTML Attributes

Set HTML attributes as if you were in an HTML element. For example, class="required" id="2fa-form".

Variables

Variable Type Description

errors

 array

An array of validation errors.

error

 array

An array of validation errors indexed by field names. Suitable for targeting fields. eg. {{ error:code }}

success

 string

A success message.