Authy 2FA with Flask

by TwilioDevEd


Two-Factor Authentication with Authy OneTouch

This application example demonstrates how to implement Two-Factor Authentication on a Python Flask application using Authy OneTouch.

Build Status

Learn more about this code in our interactive code walkthrough.


Create an Authy app

Create a free Authy account if you haven't already done so and then connect it to your Twilio account.

Create a new Authy application. Be sure to set the OneTouch callback endpoint to once you've finished configuring the app.

Local development

This project is built using the Flask web framework. For now it only runs on Python 2.7 (not 3.4+).

  1. To run the app locally, first clone this repository and cd into it.

  2. Create a new virtual environment.

  3. Install the requirements.

    pip install -r requirements.txt
  4. Copy the .env_example file to .env, and edit it to include your Authy API key

  5. Run source .env to apply the environment variables (or even better, use autoenv)

  6. Start a local PostgreSQL database and create a database called 2fa_flask.

    • If on a Mac, we recommend using After installing it, open psql and run CREATE DATABASE 2fa_flask;

    • If Postgres is already installed locally, you can just run createdb 2fa_flask from a terminal

  7. Run the migrations.

    python db upgrade
  8. Start the development server.

    python runserver

To actually process OneTouch authentication requests, your development server will need to be publicly accessible. We recommend using ngrok to solve this problem.

Once you have started ngrok, set your Authy app's OneTouch callback URL to use your ngrok hostname, like this:

Run the tests

You can run the tests locally through coverage:

  1. Optionally create a separate test database and update your DATABASE_URL environment variable if you don't want your development data overwritten.

  2. Run the tests.

    $ coverage run test

You can then view the results with coverage report or build an HTML report with coverage html.

That's it!


  • No warranty expressed or implied. Software is as is. Diggity.
  • MIT License
  • Lovingly crafted by Twilio Developer Education.