2fa broken with secureApiMode enabled #2

Open
opened 2024-03-18 05:27:37 +00:00 by heartles · 0 comments
Owner

the frontend uses the user/show endpoint to determine whether or not to show a 2fa prompt. we lock off that endpoint during secureApiMode, meaning that enabling 2fa effectively prevents a user from logging in.

potential fixes:

  • open up user/show endpoint (not viable)
  • add a toggle for the frontend to show a 2fa thing (bad ux)
  • add new sign in endpoints (not viable)
  • use special error code from signin endpoint to indicate 2fa required? (weird)

also look into passwordless logins and how we can serve that use case
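A sketch of the fourth option above, where the sign-in endpoint itself reports that a 2FA token is needed, so the frontend never has to call user/show. This is an added example, not code from egirlskey or from the issue author. The request shape, the code names `AUTH_FAILED` and `TWO_FACTOR_REQUIRED`, and the in-memory user store are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed sample accounts; field names are hypothetical.
const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const users = new Map([
  ['alice', { salt: 's1', hash: hashPw('correct horse', 's1'), totpKey: Buffer.from('12345678901234567890') }],
  ['bob', { salt: 's2', hash: hashPw('hunter2', 's2'), totpKey: null }],
]);
// Unknown usernames are checked against this record so they cost the same work.
const DUMMY = { salt: 'dummy', hash: Buffer.alloc(32), totpKey: null };

// RFC 6238 TOTP: HMAC-SHA1, 30 second step, 6 digits.
function totp(key, timeMs) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(timeMs / 30000)));
  const mac = crypto.createHmac('sha1', key).update(counter).digest();
  const offset = mac[19] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, '0');
}

function safeEqual(a, b) {
  const ba = Buffer.from(String(a));
  const bb = Buffer.from(String(b));
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// Hypothetical sign-in handler. The 2FA hint is returned only after the
// password has been verified, so an unauthenticated caller learns nothing
// about whether an account exists or has 2FA enabled.
function signin({ username, password, token }, now = Date.now()) {
  const user = users.get(username) ?? DUMMY;
  const passwordOk = crypto.timingSafeEqual(hashPw(password, user.salt), user.hash);
  if (!passwordOk) return { status: 403, code: 'AUTH_FAILED' };
  if (user.totpKey) {
    // Password is correct but no token was sent: ask the frontend to prompt.
    if (token == null) return { status: 403, code: 'TWO_FACTOR_REQUIRED' };
    if (!safeEqual(token, totp(user.totpKey, now))) return { status: 403, code: 'AUTH_FAILED' };
  }
  return { status: 200, code: 'OK' };
}
```

The frontend would submit username and password first and show the token prompt only when it receives `TWO_FACTOR_REQUIRED`, then resubmit with the token.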

Reference: heartles/egirlskey#2