
Token type when doing PIN change via validate/check

Open lukasmatusiewicz opened this issue 3 years ago • 3 comments

In the server response with a prompt for a new PIN, the token type is still webauthn. That forces us to adjust the code to avoid triggering webauthn tokens if there is no sign request.

Maybe this can be a good idea: if the server has an unordinary challenge for a specific token, the type changes to, e.g., newPIN.

That seems more useful because the only thing that tells us what the server expects is the message, which can differ by language.

lukasmatusiewicz avatar Aug 09 '22 07:08 lukasmatusiewicz

Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us work on this issue.

github-actions[bot] avatar Aug 09 '22 07:08 github-actions[bot]

[image]

lukasmatusiewicz avatar Aug 09 '22 07:08 lukasmatusiewicz

OK, in such a case we could remove the tokentype, or move the "type" to something like "old_type", and -- as you said -- fill the "type" with something else (None).

cornelinux avatar Sep 21 '22 08:09 cornelinux

Another way could be that we allow including the challenge_type in the challenge.

jona-samuel avatar Mar 02 '23 12:03 jona-samuel

After looking at it closer we just need to set the client mode to "interactive" in the second step. This must be added to the returned multi-challenge dictionary here: https://github.com/privacyidea/privacyidea/blob/28f138522618915950769a0fe196720f3b417393/privacyidea/lib/challengeresponsedecorators.py#L62 since all other challenges are dismissed in case of a challenge-response decorator. The Plug-In must not use the token type to "guess" the current flow.

plettich avatar Mar 16 '23 13:03 plettich
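
The dispatch rule from the last comment, written out as an added example that is not part of the thread or of privacyIDEA's or any plug-in's code: a client chooses its next step from `client_mode` instead of guessing from the token type. The two responses are constructed, and the field names (`multi_challenge`, `client_mode`, `webAuthnSignRequest`, `transaction_id`) and the function names are assumptions made for illustration.

```python
# Constructed validate/check responses; field names and values are assumptions.
def _response(**challenge):
    return {"detail": {"multi_challenge": [challenge]}}

# Second step of a PIN change: token type is still webauthn, nothing to sign.
PIN_CHANGE_STEP = _response(
    transaction_id="0001", serial="WAN0001", type="webauthn",
    client_mode="interactive", message="Please enter a new PIN")

# Ordinary WebAuthn authentication: the challenge carries a sign request.
WEBAUTHN_STEP = _response(
    transaction_id="0002", serial="WAN0001", type="webauthn",
    client_mode="webauthn", message="Please confirm with your WebAuthn token",
    webAuthnSignRequest={"challenge": "constructed-nonce"})

def guess_by_type(challenge):
    """Fragile: infers the flow from the token type, as the issue describes."""
    return "webauthn" if challenge.get("type") == "webauthn" else "interactive"

def action_for(challenge):
    """Choose the UI step from client_mode, never from type or message text."""
    # Assumption: a challenge without client_mode gets a plain input prompt.
    mode = challenge.get("client_mode", "interactive")
    if mode == "interactive":
        return "interactive"
    if mode == "webauthn":
        # Start a WebAuthn ceremony only when there is something to sign.
        if not challenge.get("webAuthnSignRequest"):
            raise ValueError("webauthn client_mode without a sign request")
        return "webauthn"
    # Fail closed on any other mode.
    raise ValueError(f"unsupported client_mode: {mode!r}")

def plan(response):
    """Return (transaction_id, action) for every challenge in the response."""
    challenges = response.get("detail", {}).get("multi_challenge", [])
    return [(c["transaction_id"], action_for(c)) for c in challenges]

if __name__ == "__main__":
    step = PIN_CHANGE_STEP["detail"]["multi_challenge"][0]
    print("by type:       ", guess_by_type(step))
    print("by client_mode:", plan(PIN_CHANGE_STEP))
    print("webauthn step: ", plan(WEBAUTHN_STEP))
```

The type-based guess sends the PIN-change step to the WebAuthn path even though there is nothing to sign, while the `client_mode` dispatch shows the PIN prompt regardless of the message language.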