2fa broken with secureApiMode enabled #2
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
the frontend uses the user/show endpoint to determine whether or not to show a 2fa prompt. we lock off that endpoint during secureApiMode, meaning that enabling 2fa effectively prevents a user from logging in.
potential fixes:
also look into passwordless logins and how we can serve that usecase