Closed hobbitronics closed 6 days ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
It's going to be more tricky than this, because the same endpoint is used to verify a new webauthn, and we probably don't want to set the date in that case. Though I suppose it wouldn't be terrible since they would have had to login not long prior to that time in order to add the webauthn.
We would also need to update the last_login_utc when mfa isn't required (30 days or so after using it). That data doesn't seem to be available here unless its stored in the user. I am guessing it is stored as a cookie or in a session by simpleSaml on the client. I am starting to think this is the tricky part.
Closing as a different approach is required
IDP-781
Fixed
Feature PR Checklist
make composershow
make psr2