keycloak-2fa-email-authenticator icon indicating copy to clipboard operation
keycloak-2fa-email-authenticator copied to clipboard

Published 20 hours ago • verified publisher icon mesutpiskin

Sometimes the OTP is not required (skipped)

Open elarbi opened this issue 2 months ago • 0 comments

Hi,

I've deployed the extension to Keycloak 24.0.1, it work fine excpet for a scenario where I'm able to authenticate a user without having to provide an OTP. The OTP form is skipped. Here's the scenario (under Chrome):

  • Launch myapp url, I'm redirected to keycloak login form
  • Fill login and password then submit, I get the OTP code form and also receive an email
  • Open another tab, lauch my app url, I'm redirected to keycloak login form
  • Fille login and password then submit, I'm succesfully authenticated to my app without going through the OTP form :(

Any clue pls

Best regards

elarbi avatar Apr 27 '24 10:04 elarbi