In most cases, it's highly recommended to use Twilio: it's one of the industry leaders and provides incredibly reliable and secure two-factor authentication. If you can, use this.
Writing your own 2FA implementation is more difficult than it may seem. Use Twilio if you can. Applaud Support cannot help with any problems you may have pertaining to custom code.
To write your own 2FA implementation you will need to:
- Write a custom PL/SQL package that conforms to a specific interface
- Register your custom PL/SQL package
- Open up network connectivity from the Oracle database tier to whichever 2FA service you're integrating with
Write a custom PL/SQL package
Your PL/SQL will need to conform to the following interface. In other words, the PL/SQL package header must have these procedures and functions defined with exactly the same names, parameters, and types:
--
-- Returns the 3rd party user id after registration. If an error occurs, it's set in p_error_msg.
-- When p_error_msg is set, the registration is not completed and the error will be sent back to the user.
--
FUNCTION register_user
(p_email_address IN VARCHAR2
,p_country_code IN VARCHAR2
,p_phone_number IN VARCHAR2
,p_error_msg OUT VARCHAR2) RETURN VARCHAR2;
--
-- Sends a token to the user. If an error occurs, it's set in p_error_msg.
-- When p_error_msg is set, the token send is not completed and the error will be sent back to the user.
--
PROCEDURE send_token
(p_user_id IN VARCHAR2
,p_error_msg OUT VARCHAR2);
--
-- Verifies a user's token. If an error occurs, it's set in p_error_msg.
-- When p_error_msg is set, the token verification is not completed and the error will be sent back to the user.
--
PROCEDURE verify_token
(p_user_id IN VARCHAR2
,p_token IN VARCHAR2
,p_error_msg OUT VARCHAR2);
--
-- Deletes the user. If an error occurs, it's set in p_error_msg.
-- When p_error_msg is set, the deletion is not completed and the error will be sent back to the user.
--
PROCEDURE delete_user
(p_user_id IN VARCHAR2
,p_error_msg OUT VARCHAR2);
Ensure that you correctly handle any error messages that may come back from your 3rd party 2FA provider.
Register your custom PL/SQL package
To register your custom package, set the profile option Two-factor PL/SQL package (XXAS_2FA_PLSQL_PACKAGE) to the name of your PL/SQL package at Site level. For example, xxx_custom_2fa_pkg.
Open network connectivity
Your custom implementation most likely integrates with a 3rd party service, probably over HTTPS. You'll need to import the required certificates into Oracle Wallet and enable network connectivity from the database to your 3rd party service.
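A package body for the interface above, showing the p_error_msg contract and the wallet-backed HTTPS call. It is an added example, not Applaud's code. Assumptions: the provider URL, its paths and form fields, the wallet directory, the numeric token format, and a provider that needs no credential header are all hypothetical; xxx_custom_2fa_pkg is the example package name used above.

```plsql
CREATE OR REPLACE PACKAGE BODY xxx_custom_2fa_pkg AS
  c_url    CONSTANT VARCHAR2(200) := 'https://2fa.example.invalid/v1'; -- hypothetical provider
  c_wallet CONSTANT VARCHAR2(200) := 'file:/path/to/wallet';           -- placeholder wallet directory
  g_body   VARCHAR2(4000);                                             -- response text the procedures ignore
  FUNCTION call_provider (p_path IN VARCHAR2, p_body IN VARCHAR2,
                          p_error_msg OUT VARCHAR2) RETURN VARCHAR2 IS -- any failure sets p_error_msg
    l_req UTL_HTTP.req; l_resp UTL_HTTP.resp; l_text VARCHAR2(4000);
  BEGIN
    UTL_HTTP.set_wallet(c_wallet, NULL);   -- auto-login wallet assumed, so no password in code
    UTL_HTTP.set_transfer_timeout(10);     -- seconds; a stalled provider must not hang the session
    l_req := UTL_HTTP.begin_request(c_url || p_path, 'POST', 'HTTP/1.1');
    UTL_HTTP.set_header(l_req, 'Content-Type', 'application/x-www-form-urlencoded');
    UTL_HTTP.set_header(l_req, 'Content-Length', TO_CHAR(LENGTHB(p_body)));
    UTL_HTTP.write_text(l_req, p_body);
    l_resp := UTL_HTTP.get_response(l_req);
    BEGIN UTL_HTTP.read_text(l_resp, l_text, 4000);
    EXCEPTION WHEN UTL_HTTP.end_of_body THEN NULL; END;  -- an empty body is not an error
    UTL_HTTP.end_response(l_resp);
    IF l_resp.status_code BETWEEN 200 AND 299 THEN RETURN l_text; END IF;
    p_error_msg := 'Two-factor service rejected the request (HTTP ' || l_resp.status_code || ')';
    RETURN NULL;
  EXCEPTION WHEN OTHERS THEN  -- TLS, network or timeout failure: fail closed
    BEGIN UTL_HTTP.end_request(l_req); EXCEPTION WHEN OTHERS THEN NULL; END;   -- release handles
    BEGIN UTL_HTTP.end_response(l_resp); EXCEPTION WHEN OTHERS THEN NULL; END;
    p_error_msg := 'Two-factor service is unavailable';  -- shown to the user, so no SQLERRM detail
    RETURN NULL;
  END call_provider;
  FUNCTION register_user (p_email_address IN VARCHAR2, p_country_code IN VARCHAR2,
                          p_phone_number IN VARCHAR2, p_error_msg OUT VARCHAR2) RETURN VARCHAR2 IS
  BEGIN  -- assumed: the provider returns the new user id as the response body
    RETURN call_provider('/users', 'email=' || UTL_URL.escape(p_email_address, TRUE) || '&country=' ||
      UTL_URL.escape(p_country_code, TRUE) || '&phone=' || UTL_URL.escape(p_phone_number, TRUE), p_error_msg);
  END register_user;
  PROCEDURE send_token (p_user_id IN VARCHAR2, p_error_msg OUT VARCHAR2) IS
  BEGIN  -- escaping reserved characters keeps a value from adding form fields
    g_body := call_provider('/send', 'user=' || UTL_URL.escape(p_user_id, TRUE), p_error_msg);
  END send_token;
  PROCEDURE verify_token (p_user_id IN VARCHAR2, p_token IN VARCHAR2, p_error_msg OUT VARCHAR2) IS
  BEGIN
    IF p_token IS NULL OR NOT REGEXP_LIKE(p_token, '^[0-9]{4,10}$') THEN  -- assumed numeric token
      p_error_msg := 'Invalid token'; RETURN;  -- malformed input never reaches the provider
    END IF;
    g_body := call_provider('/verify', 'user=' || UTL_URL.escape(p_user_id, TRUE) || '&token=' || p_token, p_error_msg);
  END verify_token;
  PROCEDURE delete_user (p_user_id IN VARCHAR2, p_error_msg OUT VARCHAR2) IS
  BEGIN
    g_body := call_provider('/delete', 'user=' || UTL_URL.escape(p_user_id, TRUE), p_error_msg);
  END delete_user;
END xxx_custom_2fa_pkg;
/
```

Because verify_token reports success only by leaving p_error_msg empty, every non-2xx status and every exception is mapped to an error, so an outage can never be read as a valid token.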