Framework: Account for Preferences settings 2FA refresh response #202
Comments
|
I think this is still worth fixing — the current situation can lead to a poor user experience, forcing you to enter your 2FA credentials just to sign out of WordPress.com, for example. |
|
@lancewillett : I think there's two issues being confused here. First is the undesirable user flow for requiring 2FA code entry on some screens (e.g. to log out). Other is that we're unable to persist Calypso preferences to the REST API when a 2FA code, but do not prompt the user and thus only save to |
|
@aduth OK, I can split them up. Thanks for the explanation! |
|
@aduth can we put this issue into a maintenance milestone so it gets attention in the next round of api maintenance work? |
|
Ref: 600-gh-io |
|
Bug scrub: 31Oct2016 I re-tested this issue by removing the |
Use ES6 `export` keyword consistently
Raised by @aduth
When a user's two-factor authentication token is "stale", the
GET /me/settingsendpoint will return a 401 error response.{"code":401,"headers":[{"name":"Content-Type","value":"application\/json"}],"body":{"error":"reauthorization_required","message":"A fresh access token must be used to query information about the current user."}}When a 2FA token is stale, we won't be able to retrieve from the settings endpoint until the next 2FA refresh, meaning we rely on localStorage exclusively for preferences persistence. This is not a terrible experience, but we should still seek to remove this restriction from the settings endpoint for this particular setting so as to preserve preferences even when localStorage has cleared or the user moves between different computers.
The text was updated successfully, but these errors were encountered: