Add an option to not require 2FA when the authentication is done by a 3rd party server

OrchardCMS / OrchardCore

Orchard Core is an open-source modular and multi-tenant application framework built with ASP.NET Core, and a content management system (CMS) built on top of that framework.

https://orchardcore.net

BSD 3-Clause "New" or "Revised" License

7.36k stars 2.37k forks source link

Add an option to not require 2FA when the authentication is done by a 3rd party server #13955

Open MikeAlhayek opened 1 year ago

MikeAlhayek commented 1 year ago

Is your feature request related to a problem? Please describe.

If the app uses external service like Azure, Facebook, Google, or any other services, there should be an option in the 2FA settings to not require 2FA for these externally authorized users.

For example, services like Facebook, Azure or others may have 2FA process already in place.

@Piedone

ns8482e commented 1 year ago

Shouldn't disabling module enough?

Piedone commented 1 year ago

No, you still need 2FA for local logins.

ns8482e commented 1 year ago

I see! So if you have mixed logins like local, azure, Google, Facebook etc and now the option will allow enable/disable 2FA per login provider?

MikeAlhayek commented 1 year ago

@ns8482e yea because not all openId services support 2FA. I don't think there is anything indicate 2FA was used via openid response.

@kevinchalet is there a way to tell from the OpenId servers if 2FA was used? I know amr claim will have 2fa value whrn 2fa is used during login. But, amr claim does not always indicate correct value like when a user choose to remember their device.

Piedone commented 11 months ago

Anybody interested in looking into this any time soon?