OrchardCMS / OrchardCore

Orchard Core is an open-source modular and multi-tenant application framework built with ASP.NET Core, and a content management system (CMS) built on top of that framework.
https://orchardcore.net
BSD 3-Clause "New" or "Revised" License
7.45k stars, 2.4k forks

After I enable openid, 2FA will appear when the registered user is enabled, and after verifying 2FA, I cannot jump back to the url client that was originally requested #16917

Open onestar1 opened 4 weeks ago

onestar1 commented 4 weeks ago

Describe the bug

After I enable openid, 2FA will appear when the registered user is enabled, and after verifying 2FA, I cannot jump back to the url client that was originally requested

Orchard Core version

2.0.2

To Reproduce

1. Open openid and setting
2. When accessing domain A, redirect to server authorization and pop up access
3. Registering a new account will automatically redirect to the 2FA page
4. Unable to redirect back to the initial request's openid client URL after binding 2FA. It will only stay on this page.

Expected behavior

So, did I make a configuration error somewhere? Is 2FA still not allowed after opening openid?

After registering as a user and automatically logging in, it will redirect back to the original OID request client URL

Logs and screenshots

MikeAlhayek commented 4 weeks ago

Setup

So you have site A (OpenID Server). Also, you have site B (OpenID Client) that exposes a "Site A" button for users to log in with, which connects to site A. In site A, you have enabled site registration to allow anyone to register into your OpenID server.

Use Case

Now an anonymous user visits your site B and tries to log in. Then they click on the "Site A" button to log in using the external provider. On site A, they register a new user, enable 2FA (all at the server). Now you are expecting the user to be redirected back to Site A and log them in. Is my understanding correct?

onestar1 commented 4 weeks ago

> Setup
>
> So you have site A (OpenID Server). Also, you have site B (OpenID Client) that exposes a "Site A" button for users to log in with, which connects to site A. In site A, you have enabled site registration to allow anyone to register into your OpenID server.
>
> Use Case
>
> Now an anonymous user visits your site B and tries to log in. Then they click on the "Site A" button to log in using the external provider. On site A, they register a new user, enable 2FA (all at the server). Now you are expecting the user to be redirected back to Site A and log them in. Is my understanding correct?

Yes, you are right.

github-actions[bot] commented 3 weeks ago

We triaged this issue and set the milestone according to the priority we think is appropriate (see the docs on how we triage and prioritize issues).

This indicates when the core team may start working on it. However, if you'd like to contribute, we'd warmly welcome you to do that anytime. See our guide on contributions here.