Open Closed

Twilio security code internals #7962


User avatar
0
DominaTang created

Hi, Per google result, Twilio security code has 30 seconds expiration period, which means if a user use phone MFA within 30 seconds, the user would always get the same security code. It says there is a setting to change this time. With ABP I don't find any setting change the expiration period. Another issue is, after 30 seconds, a new code is generated, however the previous security code still could be used. It's said this is also expected behavior of Twilio. Is it a way to disable previous security code when new code is generated?

Thanks


1 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    ABP uses the standard ASPNETCore TwoFactor: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/2fa?view=aspnetcore-1.1

    You can override the GenerateTwoFactorTokenAsync method to invalidate the previous token.

    You can store it in cache and check it.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11