tsh attempts to relogin if mfa ceremony fails due to inactivity #35580
Labels
Comments
rosstimothy
added a commit
that referenced
this issue
Dec 8, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 11, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 11, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
github-merge-queue bot
pushed a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
rosstimothy
added a commit
that referenced
this issue
Dec 14, 2023
Errors returned from the mfa prompt are now wrapped to allow them to be differentiated and acted upon accordingly by callers. No further processing of the error is required in this change, the code that examines the errors will already do the right thing. Fixes #35580.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using per session mfa and connecting via tsh if the security key isn't tapped prior to the timeout from libfido tsh attempts to re-authenticate users instead of presenting them with an error.
This stems from racing direct and mfa connections and returning the error from the direct connection, making tsh think the problem was an access issue that might be resolved by re-authenticating. Any errors that are returned from the mfa ceremony should always be favored and returned to users.
The text was updated successfully, but these errors were encountered: