MKodde
commented
2 years ago Would this work for you @tvdijen in the light of https://github.com/OpenConext/Stepup-SelfService/issues/271?
Closed MKodde closed 2 years ago
MKodde
commented
2 years ago Would this work for you @tvdijen in the light of https://github.com/OpenConext/Stepup-SelfService/issues/271?
tvdijen
commented
2 years ago I wonder if it makes more sense to add this to the middleware-institution.json as allowed_recovery_methods.. This touches corporate policies and may differ per org.
MKodde
commented
2 years ago That was one of our/my thoughts. But at first our aim was to keep it simple. If your suggested use-case becomes a real life request from one of our institutions, then we might take action.
tvdijen
commented
2 years ago In that case, I'm cool with it as-is!
SMS or safe store recovery token types can be enabled and disabled. But never can both be disabled.
See https://www.pivotaltracker.com/story/show/183636781