OAuth logins with 2FA don't complete first time #1191
Comments
|
This looks important in the context of #1180 |
|
I was not able to reproduce this while using OTP for 2FA approach. However, i was able to reproduce this while using U2F for 2FA approach. So it seems like a bug with the latter. |
|
@benjojo were you using a U2F device (yubikey, fingerprint scanner, os pin, etc.,) or a one-time-password (google authenticator) as 2FA method? |
|
I actually don't use 2FA on my PeeringDB account, but I can try and ask the
users who hit this
…On Wed, Jun 15, 2022 at 2:33 PM Stefan Pratter ***@***.***> wrote:
@benjojo <https://github.com/benjojo> were you using a U2F device or a
one-time-password (google authenticator) as 2FA method?
—
Reply to this email directly, view it on GitHub
<#1191 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AALPK4RZHYKWJ4IUV4JOKJLVPHLS5ANCNFSM5Y24JOUA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
It was a U2F device yes |
|
Routed through to 3a as identified as a bug by a developer |
|
+1 |
|
Enabling TOTP as well as U2F seems to allow me to login via OAUTH |
vegu
added a commit
that referenced
this issue
Feb 14, 2023
Merged
vegu
added a commit
that referenced
this issue
Feb 15, 2023
* fix next redirect when using U2F 2FA auth (#1191) * Added self identifier to API * fix migrations hierarchy after merging in previous support branch * campus object Co-authored-by: Stefan Pratter <stefan@20c.com> * fix out of bound error message add city / country to campus view * fix tests * relock poetry * linting * linting * fix docs regen * regen docs * linting * refactor self entity view to support carrier and campus object types and also make it easier to support additional object types in the future * remove debug message --------- Co-authored-by: Gajanan Patil <dipaksavaliya.python@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When a user is authenticating to another site via the peeringdb OAuth system, and they are not logged in to PeeringDB already, and they have 2FA enabled, the flow dumps them into the main page after 2FA, and not the OAuth flow.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
For 2FA users to get the permissions screen after 2FA auth, like the non 2FA users do
Who is affected by the problem?
bgp.tools users, and probably anyone else using OAuth logins
What is the impact?
People get confused during login flows. Making PeeringDB OAuth harder to use.
Are there security concerns?
At least one person disabled 2FA because of this
The text was updated successfully, but these errors were encountered: