Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Removing TOTP and trying to sign in shows a security key as an MFA option but doesn't actually work #339

Open
lukasSerelis opened this issue Oct 18, 2024 · 3 comments
Assignees
Labels
bug Something isn't working

Comments

@lukasSerelis
Copy link

If you remove the TOTP method from an account that has backup codes set up, it'll show option to enter backup code after correctly inputting email + password, but will also show the "Sign in with security key" as an option. Clicking which, you get taken to the initial login state.

Flow:
(pre-reqs - account registered, TOTP unlinked, passwordless sign in set up, backup codes set up)

  1. Enter email and password, hits Sign in
    image

2)Sees screen with backup recovery code entry and sign in with security key option. Click sign in with security key.
image

  1. Taken to the initial login page.
    image

The sign in with security key option should not be in that screen to begin with.

@lukasSerelis lukasSerelis added the bug Something isn't working label Oct 18, 2024
Copy link

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-1163.

This message was autogenerated

@natalian98
Copy link
Contributor

@edlerd could you hide the "Sign in with security key" button on 2fa screen?

@edlerd edlerd self-assigned this Oct 18, 2024
@edlerd
Copy link
Contributor

edlerd commented Oct 18, 2024

I cannot reproduce this with the current main branch locally.

I created an account with backup codes, mfa, and passkeys. Then removed mfa. Then started a login with username/password. The backup code screen has no notion of the passkeys for me.

image

Also after setting up mfa again, the 2fa screen has no notion of the passkeys.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants