heroku / heroku-two-factor

Deprecated - see our updated docs.
https://devcenter.heroku.com/articles/two-factor-authentication

Bad redirect after asking for 2FA #14

Closed jonmountjoy closed 10 years ago

jonmountjoy commented 10 years ago

I visited toolbelt.heroku.com after enabling 2FA.

It wanted me to log in. I did. It then asked for my 2FA code. I entered it.

It then redirected me to dashboard.

That's definitely wrong. It should have sent me on to where I was going, which was the toolbelt web site.

raul commented 10 years ago

Just to add some context: toolbelt asked @jonmountjoy to log in because he was using a different account the last time he visited toolbelt. Toolbelt detected a different heroku_session code and sent him to id.h.c to perform an OAuth dance and come back to open a session with the right account.

friism commented 10 years ago

Is this problem specific to 2FA? Or is it a general identity bug?

raul commented 10 years ago

The problem might reside in the 2FA-identity integration (identity needs some data to know where to redirect you to) but we've only seen it on accounts with 2FA enabled.

friism commented 10 years ago

I just tried a link to the forums with 2FA off, and it took me to dashboard, so I think this is an identity problem.

friism commented 10 years ago

Closing and waiting for fix on identity.

brandur commented 10 years ago

Tracking this in heroku/api#1938.

Jon, I've tried to repro this when others reported it, but am having a lot of trouble doing so. If you can remember anything special about your session or browser state when this happened and want to jot down a few notes over there, it would be greatly appreciated!