Authy2fa Flask Save

2FA Implementation with Authy and Python Flask

Project README

Two-Factor Authentication with Authy OneTouch

This application example demonstrates how to implement Two-Factor Authentication on a Python Flask application using Authy OneTouch.


Learn more about this code in our interactive code walkthrough.


Create an Authy app

Create a free Twilio account if you haven't already done so.

Create a new Authy application. Be sure to set the OneTouch callback endpoint to once you've finished configuring the app.

Local development

This project is built using the Flask web framework and the SQlite3 database.

  1. To run the app locally, first clone this repository and cd into it.

  2. Create and activate a new python3 virtual environment.

    python3 -m venv venv
    source venv/bin/activate
  3. Install the requirements using pip.

    pip install -r requirements.txt
  4. Copy the .env.example file to .env, and edit it to include your Authy Application's Production API key. This key can be found right below the Application's name in its Settings menu.

    cp .env.example .env
  5. Create the Flask app specific environment variables

    export FLASK_APP=twofa
    export FLASK_ENV=development
  6. Initialize the development database

    flask db upgrade
  7. Start the development server.

    flask run

Expose your app in the internet

To actually process OneTouch authentication requests, your development server will need to be publicly accessible. We recommend using ngrok to solve this problem. Note that in this tutorial only the HTTP address from ngrok will work, so you should start it using this command:

ngrok http -bind-tls=false 5000

Once you have started ngrok, set your Authy app's OneTouch callback URL to use your ngrok hostname, like this:

http://[your ngrok subdomain]

Run the tests

You can run the tests locally through coverage:

  1. Run the tests.


You can then view the results with coverage report or build an HTML report with coverage html.

That's it!


  • No warranty expressed or implied. Software is as is. Diggity.
  • MIT License
  • Lovingly crafted by Twilio Developer Education.
Open Source Agenda is not affiliated with "Authy2fa Flask" Project. README Source: TwilioDevEd/authy2fa-flask