2fa icon indicating copy to clipboard operation
2fa copied to clipboard
verified publisher icon scheb

Failover 2FA

Open ehymel opened this issue 1 year ago • 1 comments

I have multiple 2FA methods enabled (totp, two_factor_text, email) with a service implementing TwoFactorProviderDeciderInterface to pick which to use. One of these (email) is the default method and always available.

I recently encountered an issue where my SMS provider was unavailable, so anyone using text-based 2FA was unable to authenticate and login.

When multiple methods are available, it would be nice to catch any error sending the 2FA code and then try the next available method.

The flow in my case would be:

login --> send 2fa code via text --> fail --> send 2fa code via email

I wouldn't mind working on this if you could point me to a hook in the code to implement.

ehymel avatar Jun 15 '24 18:06 ehymel

This is where the provider preparation is executed and where a fallback logic would need to go: https://github.com/scheb/2fa/blob/43051f8e5eb54fc5c69fa3569636a42225cad6a6/src/bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php#L114

scheb avatar Jun 15 '24 19:06 scheb