FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    2FA login flow for users who aren't registered with a given client / application

    Scheduled Pinned Locked Moved Unsolved
    Q&A
    2
    2
    425
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      slifty
      last edited by

      I have an authentication flow for a specific client where some users have 2FA enabled. This involves a call to the login API, which I understand from the documentation will return:

      • 200 if the auth is successful.
      • 202 if the auth is successful BUT the user is not registered with the client.
      • 242 if the auth was successful BUT the user has 2FA enabled.

      Our application uses refresh tokens (which are only provided if the user is registered with the client). This means if we get a 202 we automatically register the user with the application and re-try login.

      My question: What happens if the user is BOTH unregistered AND has 2FA? I believe in that case 242 is returned by /login, which then signals the need for a 2FA flow. However, I can't find the documentation for twoFactorLogin to know if 202 as a possible response from the /api/two-factor/login endpoint.

      mark.robustelliM 1 Reply Last reply Reply Quote 0
      • mark.robustelliM
        mark.robustelli @slifty
        last edited by

        @slifty Let's start with what your desired workflow is and go from there. How would you like the login to work?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post