MFA via CompanionApp
13e0389f9b5a (Unpublished)

Unpublished Commit

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.
This commit no longer exists in the repository. It may have been part of a branch which was deleted. This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

MFA via CompanionApp

  • API is protected by either api (full access), or mfa scopes
  • The second factor only interacts via the mfa scope
  • Each companion app gets its own oauth_client, which enforces the allowed scope via the new allowed_scopes column + the TokenObserver.
  • MFA is not checked for MFA device interactions. This is to allow pairing & using a new device if an existing one was e.g. lost.
  • The QR-Code is now printable and includes the generated oauth_client secret. Together with the relaxation of mfa-checking for the mfa scope, this allows creating & printing recovery QR-codes.

Further changes:

  • The companion app is now offered for direct download via a configurable download link.
  • The companion app primary key is now a UUID (in binary form), since it's exposed in the API.

Notes:

  • The companion app table is truncated on migration because nothing is currently relying on it and no important data is lost.

Builds on D3698

Differential Revision: https://git.kolab.org/D3932

Details

Provenance
mollekopf authored on Nov 3 2022, 12:22 PM
mollekopf pushed on Nov 9 2022, 3:56 PM
Differential Revision
D3932: MFA via CompanionApp

Event Timeline

Christian Mollekopf <mollekopf@apheleia-it.ch> committed rK13e0389f9b5a: MFA via CompanionApp (authored by Christian Mollekopf <mollekopf@apheleia-it.ch>). Nov 9 2022, 9:00 AM
