Verify-Two-Factor-Code-on-mobile #7364 | ABP Support | ABP.IO | ABP Support

pauldonn created 3 months ago

ABP Framework version: v8.1.0
UI Type: Flutter
Database System: EF Core SQL Serve
Tiered (for MVC): yes
Exception message and full stack trace:
- { "error": "invalid_grant", "error_description": "RequiresTwoFactor", "error_uri": "https://documentation.openiddict.com/errors/ID2024", "userId": "[userId]", "twoFactorToken": "[token]" }
Steps to reproduce the issue:
1. Enable 2FA for the user:
1. POST to /connect/token
- client_id: [clientId]
- grant_type: password
- username: [user]
- password: [password]
- scope: [scope]

We need to enable 2FA for our mobile app. When it is enabled for a user the connect/token request returns an "invalid_grant" error witth "RequiresTwoFactor" message. We can request a 2FA code with a request to account/send-two-factor-code but are unsure how to verify this code and proceed with authenticating the user.

How can we verify the code returned from account/send-two-factor-code and login the user?

6 Answer(s)

0

pauldonn created 2 months ago

Hi, is anyone able to assist with this issue?
0

masum.ulu created 3 months ago
Support Team Angular Developer

Hi this is related with OpenIddict https://docs.abp.io/en/commercial/latest/modules/openiddict

you need to register your flutter app to OpenId in that way you can enable 2F auth.
0

pauldonn created 2 months ago

Thanks for the reply. We have the OpenIddict module on our Blazor web application (.Net 8.0). We are trying to have our mobile app authenticate against this application to allow for API calls.

Before we enabled 2FA we were able to authenticate with the token endpoint but cannot anymore with the 2FA challenge.

With the OpenIddict module already on the web application, is there an endpoint for our mobile app to login and handle a 2FA challenge?
0

liangshiwei created 2 months ago
Support Team Fullstack Developer

Hi,

When your login fails, a security code will be generated and responded.

https://github.com/abpframework/abp/blob/OrganizationUnitEto/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L224-L244

Then you can request again using the security code

https://github.com/abpframework/abp/blob/OrganizationUnitEto/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L199-L200
0

pauldonn created 2 months ago

Thanks liangshiwei, but I get 404s for those links. Have they been moved? I can't seem to find it by searching either.
0

liangshiwei created 2 months ago
Support Team Fullstack Developer

Sorry,

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L224-L244

https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L199-L200

Have an answer to this question? Log in and write your answer.