Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redirect log out if not strongly authenticated #8

Closed
maxcanada opened this issue Jun 11, 2016 · 2 comments
Closed

Redirect log out if not strongly authenticated #8

maxcanada opened this issue Jun 11, 2016 · 2 comments
Labels

Comments

@maxcanada
Copy link

Hi,

While logged in but not yet input the 2FA code yet (so, on the authenticate page), when I try to access another URL, it directly logs me out. This is not a behavior that I want. I want to display the authenticate page again. Is there currently a way to do it ?

Thanks!

@clokep
Copy link
Collaborator

clokep commented Jul 6, 2016

This matches the behavior of all the web apps that I checked. I don't have a strong opinion about this, but if you don't finish the login workflow, starting over seems like a reasonable compromise between code complexity and user experience.

@clokep
Copy link
Collaborator

clokep commented Sep 19, 2016

I think this would be doable with a custom middleware layer that just redirects instead of logs out, which is what the new AllauthTwoFactorMiddleware does.

I'm inclined not to support this, but if you feel really strongly, please put up a PR with the appropriate changes and tests!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants