You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a user has multiple 2FA providers enabled, all of them are shown on one single login screen, which might result in an overloaded login mask (check out "Current behavior" below). It might be a good idea to add a function to define a primary 2FA provider and show all alternative providers under a separate menu point.
Mock-up of a possible layout:
Current behavior
Login screen with multiple 2FA providers enabled:
Login screens which are shown once a 2FA provider has been selected:
or
Environment
Server Configuration
OS: Linux 3.16.50
Web server: Apache2 2.4.37
Database: MariaDB 10.2.19
PHP version: 7.2.14
Nextcloud version: 15.0.2
Client Configuration
Browser: Mozilla Firefox 64.0.2
Operating system: Windows 10
The text was updated successfully, but these errors were encountered:
This has been discussed before, but I can't find the ticket (#13051 is related but not the correct one). The problem is that rendering providers often causes side effects (changes to the db, messages to external systems), hence we have to be a bit conservative on what we show by default. Imagine that you use the 2FA gateway app and on login it sends messages to Telegram, Signal, SMS and a Nextcloud notification to all your connected devices with the nextcloud_notifications provider. I don't think this is what you want.
We have to find a way to declare providers as free of side effects. So something similar to #13051 like a tagging interface. If all providers support that, we can render all their templates at once and offer faster selection for the user.
But of course we could have a selected primary. Note that as with the reasoning above we can't directly show the alternatives on the same page but would have to redirect back to our usual provider selection page.
Had the same idea in nextcloud/twofactor_u2f#270 and I would propose to have a "priority system", where 2FA providers can declare a priority and then ónly the highest-prio provider ist triggered automatically, while the other ones can be choosen as alternatives below or so.
It does not even have to be user-configurable, because it is likely obvious that you e.g. prefer U2F keys over TOTP codes for convenience/usability.
Expected behavior
If a user has multiple 2FA providers enabled, all of them are shown on one single login screen, which might result in an overloaded login mask (check out "Current behavior" below). It might be a good idea to add a function to define a primary 2FA provider and show all alternative providers under a separate menu point.
Mock-up of a possible layout:
Current behavior
Login screen with multiple 2FA providers enabled:
Login screens which are shown once a 2FA provider has been selected:
or
Environment
Server Configuration
OS: Linux 3.16.50
Web server: Apache2 2.4.37
Database: MariaDB 10.2.19
PHP version: 7.2.14
Nextcloud version: 15.0.2
Client Configuration
Browser: Mozilla Firefox 64.0.2
Operating system: Windows 10
The text was updated successfully, but these errors were encountered: