feat: 2fa backup codes #9
Conversation
Co-authored-by: Peer Richelsen <[email protected]>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
codex-cal_dot_com/apps/web/pages/auth/login.tsx
Lines 178 to 182 in a308075
Expose backup codes on all 2FA login flows
The backup–code UI lives in TwoFactorFooter (lines 103‑131) but the footer is only rendered when totpEmail is falsy (lines 178‑182). Any login flow that redirects to /auth/login?totp=…—e.g. Google/SAML sign‑ins or other identity‑provider flows—always supplies totpEmail, so those users are forced into ExternalTotpFooter and never see the “Lost access” button or the BackupCode input. Consequently, backup codes cannot be used at all for SSO users even though they can generate them, which defeats the purpose of the feature whenever 2FA is enforced through those flows.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Test 3
Replicated from ai-code-review-evaluation/cal.com-cursor#3