logto-io / logto

🧑‍🚀 The better identity infrastructure for developers and the open-source alternative to Auth0.
https://logto.io
Mozilla Public License 2.0
7.86k stars 386 forks

bug: 2FA Redirection Issue after Third-Party Login with Same Email #6111

Closed TheresaQWQ closed 2 weeks ago

TheresaQWQ commented 2 weeks ago

Describe the bug

After registering an account on Logto and enabling 2FA, logging in using a third-party login with the same email does not redirect to the 2FA page after email verification.

Expected behavior

The frontend should redirect to the 2FA page after verifying the email during third-party login.

How to reproduce?

  1. Register an account on Logto and enable 2FA.
  2. Log out and try to log in using a third-party login (e.g., GitHub) with the same email.
  3. Complete the email verification step.
  4. Notice that the frontend does not redirect to the 2FA page.

Context

Screenshots


darcyYe commented 2 weeks ago

There seem to be some issues in your reproduction flow:

  1. After the Logto OSS deployment, the first registered user serves as Logto's Administrator. It seems that the only available login method for the Administrator is username + password.
  2. In Step 2, you mentioned "sign in with third-party login with the 'same email'". However, "email" is not mentioned in either Step 1 or 2.
  3. If you use the "third-party login" you mentioned and can successfully get the returned email, then email verification is not needed in the sign-in flow.

darcyYe commented 2 weeks ago

Please provide correct detailed steps and describe how you encountered the issue so that we can verify the problem.