Two factor authentication asks for password when using google provider

[ivan-janssens-de-varebeke-lemon]

Describe the Bug

I am using the latest dockerimage (imageSHA: sha256:6b9870f770b3b48c9bd2edd8e274e988c2672abe01b2a8578c5e94cb922103b0)

I configured google as SSO provider. When I log into the account as a google user, I have the option to add a two-factor authentication. Firstly this seems weird to keep enabled in a SSO flow. Secondly when I try to enable it, Directus asks for my password to enable 2FA, but I don't have one as it is SSO. If I then scroll to the top of the profile page and fill in a password at the top and then create a 2FA for my account. I can create one. If I then log out and try to log back in with google, it fails mentioning Wrong one-time password (see screenshot). And I can not log in anymore.

I wanted to report this bug because I think this flow can lead to weird behaviour and blocked accounts. It is currently not a concern for me as I am just testing out the framework.

To Reproduce

First flow

• Configure google as SSO provider.
• Log into the account with a google user
• Go to profile page
• Try to enable 2FA
• !! Asks for password which is not possible !!

Second flow

• Configure google as SSO provider.
• Log into the account with a google user
• Go to profile page
• Fill in password
• Enable 2FA
• Log out
• Log in with google user
• !! unable to log back in, because of 2FA !!

Directus Version

v10.5.2

Hosting Strategy

Self-Hosted (Docker Image)

[DanielBiegler]

Hi there! :)

Did this get fixed after you set your PUBLIC_URL environment variable like in #19331 ?

[ivan-janssens-de-varebeke-lemon]

No, both of the flows are occuring after setting the PUBLIC_URL env var

[rijkvanzanten]

We should disable the 2fa configuration if you're logging in through an sso provider (as the 2fa happens in there)