Christian Scheb

> We cannot remove them as these classes are not marked as internal. We need to deprecate these constructor parameters first (happy to help with the BC layer.) @chalasr Ok,...

So here's a suggestion. The fabbot.io failing seems to be unrelated to my changes. Considerations: - The fact that `$listeners` is an iterable makes things messy when trying to ensure...

This is where the provider preparation is executed and where a fallback logic would need to go: https://github.com/scheb/2fa/blob/43051f8e5eb54fc5c69fa3569636a42225cad6a6/src/bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php#L114

We cannot change this line, because it changes the behavior of the bundle. If we change this, you're no longer redirected to the 2fa form after login. I tried locally...

Closing this as "won't fix", since it's necessary to fetch the security token, to determine if we're in a 2fa process or not. The recommended solution is to flag routes...

That's outside of the bundle's influence. It is using Symfony's CSRF token manager, specifically the `security.csrf.token_manager` service. If you want to change CSRF token behaviour in your application, you have...

Okay, I see what the problem is. To be honest, I totally forgot this was part of the implementation. Stupid question, how did you solve this for the initial login?...

Did you find a way to solve this? Given the current implementation, the only way I can think of would be to replace either `TwoFactorFirewallConfig` or `RequestDataReader` with a custom...

Since version 7.9.0, a header can be configured with the `csrf_header` option. See: https://github.com/scheb/2fa/blob/7.x/doc/configuration.rst

Writing data to S3 seems to have specific requirements. The logging implementation is very similar to what [Monolog](https://github.com/Seldaek/monolog) is doing and I believe Monolog doesn't support S3 out-of-the-box. I've found...