"Two Factor Revalidation required." #266
Comments
|
Solved: Added a Passkey before. Had to logout and login first to be able to add another passkey or add a 2FA method. This should either noted after adding a passkey or ideally a logout happens automatically. Never took so long to secure an account... Leaving this open so you guys are able to improve things based on my (this) bad onboarding experience. |
|
Thanks for the ticket. We'll look into the re-auth logic to understand what has happened. |
|
I suspect this might be somewhat related to the way the revalidation-is-needed logic was implemented in the settings flow. The way it was implemented is that it's a date field on the user record, which is reliant upon being refreshed from the server. This works great in low-latency environments, but potentially could run into race-conditions in production. In #283 I've been working on revalidation logic and helpers for use outside of the settings helper, and I found the best way was to use a dedicated cookie that is either present or not, as the revalidate modal would set it (or in this case, the confirmation that 2FA is enabled), and the cookie would expire before the sessions validation expires. |
Can't enable 2FA. Once providing a OTP after registering with Authy, I get
"Two Factor Revalidation required."
Tried several times.
The text was updated successfully, but these errors were encountered: