How to set up Google two-step verification in Bubble

You set up Google two‑step verification in Bubble by using a TOTP (Time‑based One‑Time Password) plugin. Bubble does not generate Google Authenticator codes natively, so the correct method is: install a TOTP plugin, generate a secret key for each User, show them the QR code to scan with Google Authenticator, then require them to enter the 6‑digit code during login to verify. This works with any authenticator app (Google Authenticator, Authy, 1Password, etc.).

What You Need

• A real TOTP plugin (for example: One Time Password (2FA), or TOTP Authenticator from the Bubble plugin marketplace).
• A field in your User data type: totp\_secret (text).

Step‑by‑Step Setup

• Generate a secret: In a workflow (usually after account signup), use the plugin action Generate TOTP Secret and save the returned secret into Current User's totp\_secret.
• Show a QR code: Use the plugin’s QR Code for TOTP element or data source. Bind it to Current User's totp\_secret. The user scans this with Google Authenticator.
• Verify the 6‑digit code: Create a page where the user enters the TOTP code. Run a workflow using the plugin action Verify TOTP Code with:
  • Secret = Current User's totp\_secret
  • Code = Input’s value
• If verification is valid: Mark a field like 2fa\_enabled = yes on the User.
• Protect login: After "Log the User in", check:
  • If Current User's 2fa\_enabled is yes, send them to a "Verify 2FA" page.

Example: Verifying a Code in a Workflow

// Bubble plugin action (conceptual example)
Verify TOTP Code:
secret = Current User's totp_secret
code = Input Code's value

If the plugin returns "valid = yes", continue login. If not, show an error message. This is the exact flow real apps use for Google Authenticator inside Bubble.