2fa broken with secureApiMode enabled #2

Open
opened 2024-03-18 05:27:37 +00:00 by heartles · 0 comments
Owner

the frontend uses the user/show endpoint to determine whether or not to show a 2fa prompt. we lock off that endpoint during secureApiMode, meaning that enabling 2fa effectively prevents a user from logging in.

potential fixes:

  • open up user/show endpoint (not viable)
  • add a toggle for the frontend to show a 2fa thing (bad ux)
  • add new sign in endpoints (not viable)
  • use special error code from signin endpoint to indicate 2fa required? (weird)

also look into passwordless logins and how we can serve that usecase

the frontend uses the user/show endpoint to determine whether or not to show a 2fa prompt. we lock off that endpoint during secureApiMode, meaning that enabling 2fa effectively prevents a user from logging in. potential fixes: - open up user/show endpoint (not viable) - add a toggle for the frontend to show a 2fa thing (bad ux) - add new sign in endpoints (not viable) - use special error code from signin endpoint to indicate 2fa required? (weird) also look into passwordless logins and how we can serve that usecase
Sign in to join this conversation.
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: heartles/egirlskey#2
No description provided.