[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug]: Two factor authentication with oauth2 enabled cannot be implemented properly

Hello Everyone,

I want to bring this problem to your notice that its currently no way
possible to implement two-factor authentication with oauth2 enabled within
the application as user details cannot be retrieved without the two-factor
access token set in the header. Its the user details object which contains
a property to tell whether two-factor authentication is enabled. Due to
this circular dependency, one cannot happen without the other.

There should be some way to know whether two-factor authentication is
enabled while retrieving the oauth2 access token either with the response
containing the token or user details(only the ones which are necessary)
should be initially retrievable without the two-factor authentication
I have created an issue for your reference: