Optional 2FA/MFA #1118
Unanswered
TheDavidFactor
asked this question in
Q&A
Optional 2FA/MFA
#1118
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
If SECURITY_TWO_FACTOR = True and SECURITY_TWO_FACTOR_REQUIRED = False then users can optionally enable 2FA.
Is there a way I can expand on this so that specific endpoints require 2FA while other endpoints only require being logged in?
Based on my reading of docs and testing, it appears that 2FA is all or nothing.
I would like to create this usage pattern:
public page -> user login (email / password) -> auth_required page -> 2fa_required page -> if not passed 2fa this session redirect to 2fa validation (/tf_validate) then back to 2fa_required page.
Similar in function to auth_required, but specific to 2fa after user is already authenticated.
Does what I'm asking make sense?
Is it possible?
Beta Was this translation helpful? Give feedback.
All reactions