Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add function to select a primary 2FA provider/slim down 2FA dialog #13797

Open
j-ed opened this issue Jan 24, 2019 · 3 comments
Open

add function to select a primary 2FA provider/slim down 2FA dialog #13797

j-ed opened this issue Jan 24, 2019 · 3 comments
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: authentication

Comments

@j-ed
Copy link
Contributor

j-ed commented Jan 24, 2019

Expected behavior

If a user has multiple 2FA providers enabled, all of them are shown on one single login screen, which might result in an overloaded login mask (check out "Current behavior" below). It might be a good idea to add a function to define a primary 2FA provider and show all alternative providers under a separate menu point.

Mock-up of a possible layout:
20190124_nc_2fa-3 - mock-up

Current behavior

Login screen with multiple 2FA providers enabled:
20190124_nc_2fa-1

Login screens which are shown once a 2FA provider has been selected:
20190124_nc_2fa-2
or
20190124_nc_2fa-3

Environment

Server Configuration

OS: Linux 3.16.50
Web server: Apache2 2.4.37
Database: MariaDB 10.2.19
PHP version: 7.2.14
Nextcloud version: 15.0.2

Client Configuration

Browser: Mozilla Firefox 64.0.2
Operating system: Windows 10
@j-ed j-ed added 0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement labels Jan 24, 2019
@ChristophWurst
Copy link
Member

This has been discussed before, but I can't find the ticket (#13051 is related but not the correct one). The problem is that rendering providers often causes side effects (changes to the db, messages to external systems), hence we have to be a bit conservative on what we show by default. Imagine that you use the 2FA gateway app and on login it sends messages to Telegram, Signal, SMS and a Nextcloud notification to all your connected devices with the nextcloud_notifications provider. I don't think this is what you want.

We have to find a way to declare providers as free of side effects. So something similar to #13051 like a tagging interface. If all providers support that, we can render all their templates at once and offer faster selection for the user.

Does that make sense?

@ChristophWurst ChristophWurst added 1. to develop Accepted and waiting to be taken care of and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Jan 25, 2019
@ChristophWurst
Copy link
Member

But of course we could have a selected primary. Note that as with the reasoning above we can't directly show the alternatives on the same page but would have to redirect back to our usual provider selection page.

@rugk rugk mentioned this issue Jan 15, 2020
Closed
@rugk
Copy link

rugk commented Jan 15, 2020

Had the same idea in nextcloud/twofactor_u2f#270 and I would propose to have a "priority system", where 2FA providers can declare a priority and then ónly the highest-prio provider ist triggered automatically, while the other ones can be choosen as alternatives below or so.

It does not even have to be user-configurable, because it is likely obvious that you e.g. prefer U2F keys over TOTP codes for convenience/usability.

Just like GitHub does, e.g.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop Accepted and waiting to be taken care of enhancement feature: authentication
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ChristophWurst @joshtrichards @j-ed @rugk