Hi, Per google result, Twilio security code has 30 seconds expiration period, which means if a user use phone MFA within 30 seconds, the user would always get the same security code. It says there is a setting to change this time. With ABP I don't find any setting change the expiration period. Another issue is, after 30 seconds, a new code is generated, however the previous security code still could be used. It's said this is also expected behavior of Twilio. Is it a way to disable previous security code when new code is generated?
Thanks
1 Answer(s)
-
0
Hi,
ABP uses the standard ASPNETCore TwoFactor: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/2fa?view=aspnetcore-1.1
You can override the
GenerateTwoFactorTokenAsyncmethod to invalidate the previous token.You can store it in cache and check it.
