kratos
During reauthentication for the settings flow 2FA is not used even if it's enabled for the account
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
After the session isn't privileged anymore and we go to the settings page, we are redirected to the login page. After we provide proper credentials, we are not asked for the 2FA code.
Reproducing the bug
Steps to reproduce:
- log in (account should have 2FA enabled) and navigate to the settings
- wait for `privileged_session_max_age`
- try to change the password
- you are being redirected to the login flow and need to reauthenticate
- is: password change is finished
- should be: after logging in we should be redirected to 2fa and the changes should be applied after we log in with the code
Relevant log output
No response
Relevant configuration
No response
Version
1.1.0 with small changes
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
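
A compensating check that an application in front of Kratos could run before honoring a sensitive settings change in the scenario reported above. This is an added example, not code from the issue or from Kratos. It assumes the account has 2FA enabled and that each completed factor appears as an entry in the session's `authentication_methods` list; the struct, function names, timestamps and the 15-minute window are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// AuthMethod mirrors one entry of a session's authentication_methods list
// (fields method, aal, completed_at). The Go type itself is hypothetical.
type AuthMethod struct {
	Method      string
	AAL         string
	CompletedAt time.Time
}

// PrivilegedWithSecondFactor reports whether a first factor (aal1) AND a
// second factor (aal2) were both completed within maxAge before now.
// A fresh password alone, as in the reported flow, is not enough.
func PrivilegedWithSecondFactor(methods []AuthMethod, now time.Time, maxAge time.Duration) bool {
	var fresh1, fresh2 bool
	for _, m := range methods {
		if m.CompletedAt.After(now) || now.Sub(m.CompletedAt) > maxAge {
			continue // stale entry, or timestamp in the future: ignore it
		}
		switch m.AAL {
		case "aal1":
			fresh1 = true
		case "aal2":
			fresh2 = true
		}
	}
	return fresh1 && fresh2
}

// Constructed sample data: initial login with password + TOTP at t0, then a
// password-only reauthentication 20 minutes later (the behaviour reported).
var t0 = time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)

func reportedFlow() []AuthMethod {
	return []AuthMethod{
		{"password", "aal1", t0},
		{"totp", "aal2", t0},
		{"password", "aal1", t0.Add(20 * time.Minute)}, // reauth, no 2FA prompt
	}
}

func main() {
	now, maxAge := t0.Add(21*time.Minute), 15*time.Minute
	fmt.Println("reported flow privileged:", PrivilegedWithSecondFactor(reportedFlow(), now, maxAge))
}
```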