On first login, validate the just-entered mobile number #24

Open
bickelj opened this issue Apr 28, 2023 · 2 comments


bickelj commented Apr 28, 2023

On the first login flow, the user has no mobile number to use as another factor of authentication, and the user enters that mobile number. On subsequent logins, 2FA is active, but that first login does not (yet) require validation of the mobile number.

The mobile number should be validated via OTP on first login somehow.


reefdog commented Apr 28, 2023

Gonna add a framing requirement that will probably require onerous special-casing of auth logic, but:

Until the user provides and confirms their 2FA, they shouldn't actually be able to use their authentication to do anything. (I clarify that last point so we don't get in the weeds on what actually constitutes authentication.)
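
One way to model the gating discussed in this thread, as an added example that is not part of the issue or the project's code: a session that passed the first factor stays unusable until the just-entered mobile number is confirmed by OTP. The `Session` class, its method and action names, the 5-minute code lifetime and the 5-attempt limit are all assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 300   # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class Session:
    """Hypothetical session: first factor accepted, unusable until the number is confirmed."""

    def __init__(self, user, clock=time.time):
        self.user, self.clock = user, clock
        self.pending_number = None     # entered by the user, not yet proven
        self.verified_number = None    # set only after a correct OTP
        self._otp_hash, self._expires, self._attempts = None, 0.0, 0

    def enroll_number(self, number):
        """First login: store the number as pending and return the OTP to send to it."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self.pending_number, self.verified_number = number, None
        self._otp_hash = hashlib.sha256(otp.encode()).digest()
        self._expires, self._attempts = self.clock() + OTP_TTL_SECONDS, 0
        return otp  # goes to the SMS sender only, never back to the browser

    def confirm_number(self, submitted):
        """Promote the pending number only on a correct, unexpired, unexhausted OTP."""
        if self._otp_hash is None or self.clock() > self._expires:
            return False
        self._attempts += 1
        if self._attempts > MAX_ATTEMPTS:
            self._otp_hash = None      # code is burned; a fresh one must be issued
            return False
        digest = hashlib.sha256(submitted.encode()).digest()
        if not hmac.compare_digest(digest, self._otp_hash):  # constant-time compare
            return False
        self.verified_number, self.pending_number = self.pending_number, None
        self._otp_hash = None          # single use
        return True

    def authorize(self, action):
        """Gate every action: a half-enrolled session may only finish enrollment."""
        if self.verified_number is None:
            return action in {"enroll_number", "confirm_number"}
        return True
```

Routing every request through `authorize` keeps the special-casing in one place: the only things a half-enrolled session can reach are the two enrollment steps.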


kfogel commented Apr 25, 2024

This seems related to issue #5 though not exactly a dup of it.
