2FA
-
After I go through api/login with credentials of a user who has 2FA enabled, I get this response:
{"methods":[{"id":"4ZF7","lastUsed":true,"method":"sms","mobilePhone":"17062259155"}],"twoFactorId":"ETCK_CQPo5ARy7SvrWC7vd4rC0ilbNRSc52pdE0rDd0"}
I then immediately grab the method ID and twoFactorId from that and request that FA send a code to that two factor method, like so:
curl -v -X POST 'https://fa.capital.dev.tranwall.net/api/two-factor/send/ETCK_CQPo5ARy7SvrWC7vd4rC0ilbNRSc52pdE0rDd0' -H 'Cookie: access_token=eyJhb...; refresh_token=Zzanp...' -H 'Accept: application/json, text/plain, */*' -H 'Content-Type: application/json' -d '{"methodId":"4ZF7"}'
Unfortunately, this responds with a 400:
{"fieldErrors":{"methodId":[{"code":"[invalid]methodId","message":"The [methodId] is not valid. No two-factor method with this Id was found enabled for the user."}]}}
Why would the methodId be invalid, if it is given to me by FA in the first place?
-
My only option here has been to disable MFA for this user and have them enable it again on next login.
EDIT: Sorry, I didn't add a good topic name. Maybe "Invalid methodID for MFA-enabled user".
-
Hmmm. What version of FusionAuth are you running? I looked at the code and this sequence should work fine.
This certainly looks like it might be a bug. Would you mind filing an issue with details, including your version and a link to this forum post? https://github.com/fusionauth/fusionauth-issues/issues
Thanks!
-
@dan I have filed an issue here: https://github.com/FusionAuth/fusionauth-issues/issues/1627