    Latest posts made by slifty

    • 2FA login flow for users who aren't registered with a given client / application

      I have an authentication flow for a specific client where some users have 2FA enabled. This involves a call to the login API, which I understand from the documentation will return:

      • 200 if the auth is successful.
      • 202 if the auth is successful BUT the user is not registered with the client.
      • 242 if the auth was successful BUT the user has 2FA enabled.

      Our application uses refresh tokens (which are only provided if the user is registered with the client). This means if we get a 202 we automatically register the user with the application and re-try login.

      My question: What happens if the user is BOTH unregistered AND has 2FA? I believe in that case 242 is returned by /login, which then signals the need for a 2FA flow. However, I can't find the documentation for twoFactorLogin to know if 202 is a possible response from the /api/two-factor/login endpoint.

      posted in Q&A
      slifty