Open ivan-janssens-de-varebeke-lemon opened 1 year ago
Hi there! :)
Did this get fixed after you set your PUBLIC_URL environment variable like in #19331?
No, both of the flows are occurring after setting the PUBLIC_URL env var.
We should disable the 2FA configuration if you're logging in through an SSO provider (as the 2FA happens in there).
Describe the Bug
I am using the latest Docker image (imageSHA: sha256:6b9870f770b3b48c9bd2edd8e274e988c2672abe01b2a8578c5e94cb922103b0).
I configured Google as SSO provider. When I log into the account as a Google user, I have the option to add two-factor authentication. Firstly, this seems weird to keep enabled in an SSO flow. Secondly, when I try to enable it, Directus asks for my password to enable 2FA, but I don't have one as it is SSO. If I then scroll to the top of the profile page, fill in a password at the top and then create a 2FA for my account, I can create one. If I then log out and try to log back in with Google, it fails, mentioning
Wrong one-time password
(see screenshot). And I cannot log in anymore. I wanted to report this bug because I think this flow can lead to weird behaviour and blocked accounts. It is currently not a concern for me as I am just testing out the framework.
To Reproduce
First flow
Second flow
Directus Version
v10.5.2
Hosting Strategy
Self-Hosted (Docker Image)