Attempt to disable mfa when requesting an mfa token.
eb98f92f272fUnpublished
Actions

Unpublished Commit · Learn More

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

This commit no longer exists in the repository. It may have been part of a branch which was deleted.This commit has been deleted in the repository: it is no longer reachable from any branch, tag, or ref.

Description

Attempt to disable mfa when requesting an mfa token.

If we're to use the mfa api to pair a backup device we must not run mfa
verification while obtaining a token for mfa (because we couldn't if
we've lost the other device).

For the recovery case the two factors are:

username + password
mfa client secret encoded in qrcode

If we had multiple second factor devices we could arguably thighten that
up.

An alternative could be to allow a device to register itself without
oauth at all.

Details

Provenance

mollekopf	Authored on Nov 4 2022, 8:58 AM
mollekopf	Pushed on Nov 4 2022, 9:03 AM

Event Timeline

Christian Mollekopf <mollekopf@apheleia-it.ch> committed rKeb98f92f272f: Attempt to disable mfa when requesting an mfa token. (authored by Christian Mollekopf <mollekopf@apheleia-it.ch>).Nov 4 2022, 8:58 AM

Commit No Longer Exists

This commit no longer exists in the repository.