Merge pull request #96 from ellaisys/hotfix

fix: updated the QR library for MFA
ellaisys · May 3, 2024 · 6a651df · 6a651df
2 parents 4f6a949 + 5305195
commit 6a651df
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/README_MFA.md b/README_MFA.md
@@ -104,11 +104,13 @@ The response that you will get for the API call would look this
         "TotpUri": "otpauth://totp/ApplicationName ([email protected])?secret=ESKPE46WBNOAB7QXXXXXXXXXXXXXXXXXXXPFIVJVJFEPDP2NNIA&issuer=ApplicationName"
     }
 ```
-
 and the web response, you can design a page like this to show the code for activating the Software MFA token.
 
 <img src="./assets/images/web_application_activate.png" width="50%" alt="cognito mfa activate for web"/>
 
+>[!IMPORTANT]
+>In case you want to change the QR Generator library, you can change the value in the configuration file with the key **mfa_qr_library**. Alternately, you can set the string in the environment file identified by **AWS_COGNITO_MFA_QR_LIBRARY**. 
+
 ### **Verify MFA (Software Token Only)**
 In order to complete the activation process, the verification is an essential step. As part of this verification process, you need to enter the code (available in the authenticator application) while submitting the request. The implementation needs to be updated depending on the web or API controller. The response will be HTTP Status Code 200.
 

diff --git a/config/cognito.php b/config/cognito.php
@@ -256,4 +256,20 @@
     |
     */
     'force_new_user_password' => env('AWS_COGNITO_FORCE_NEW_USER_PASSWORD', false),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Allow new user configure the MFA QR Library
+    |--------------------------------------------------------------------------
+    |
+    | This option enables the user to set the MFA QR code library to be used
+    | during the to invitation for the new user. The default value is set
+    | currently to https://quickchart.io/qr. The TOPT URL will be appended to
+    | the end of the this library URL
+    |
+    | For configuration & customizations of QuickChart
+    | Refer https://quickchart.io/documentation/qr-codes/ for more details.
+    |
+    */
+    'mfa_qr_library' => env('AWS_COGNITO_MFA_QR_LIBRARY', 'https://quickchart.io/qr?size=200&text='),
 ];
diff --git a/src/Guards/Traits/CognitoMFA.php b/src/Guards/Traits/CognitoMFA.php
@@ -85,7 +85,7 @@ public function associateSoftwareTokenMFA(string $appName=null, string $userPara
                     $uriTotp = 'otpauth://totp/'.$appName.' ('.$username.')?secret='.$secretCode.'&issuer='.config('app.name');
                     $payload = [
                         'SecretCode' => $secretCode,
-                        'SecretCodeQR' => 'https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl='.$uriTotp.'&choe=UTF-8',
+                        'SecretCodeQR' => config('cognito.mfa_qr_library').$uriTotp,
                         'TotpUri' => $uriTotp
                     ];
                     return $payload;