Open Closed

Twilio security code internals #7962


User avatar
0
DominaTang created

Hi, Per google result, Twilio security code has 30 seconds expiration period, which means if a user use phone MFA within 30 seconds, the user would always get the same security code. It says there is a setting to change this time. With ABP I don't find any setting change the expiration period. Another issue is, after 30 seconds, a new code is generated, however the previous security code still could be used. It's said this is also expected behavior of Twilio. Is it a way to disable previous security code when new code is generated?

Thanks


1 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    ABP uses the standard ASPNETCore TwoFactor: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/2fa?view=aspnetcore-1.1

    You can override the GenerateTwoFactorTokenAsync method to invalidate the previous token.

    You can store it in cache and check it.

Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v9.2.0-preview. Updated on March 20, 2025, 18:00