If an `authInit()` calls fails, skip loading that MFA's extra data

silinternational / idp-id-broker

API to abstract identity persistence in IdP-in-a-box solution

MIT License

1 stars 1 forks source link

Closed forevermatt closed 5 months ago

forevermatt commented 5 months ago

If an authInit() calls fails, skip loading that MFA's extra data
- This should help us still allow a user to log in even if the WebAuthn MFA API is down, merely preventing those WebAuthn MFA options from working but allowing the "remember me" cookie and the other MFA options to work.

forevermatt commented 5 months ago

I tested this on staging, and it works as desired:

Logging in and using TOTP for the MFA works.
Logging in and using the remember-me cookie works.
Logging in and using WebAuthn for the MFA shows a reasonable error message (but still allows switching to a different MFA option).
Logging in and using a printable backup code works.