I am all but certain there is a setting or something I’m missing. I am testing an existing app with established users to see what happens when I enable 2FA, specifically how they will be prompted upon next login. I’ve selected require 2FA, and allow reset by mail. When I test, I see ‘No authentication methods available’ - and I select reset by email. I do receive an email, but clicking on the link always produces the error indicating that my app is unable to handle the request.
What am I missing?
UPDATE: I’ve read, and re-read the documentation. I’ve checked everything. In my testing, this simply does not work for an existing user when I enable two-factor. The reset by mail still just returns this message:
Hmm, I tried it for the first time in a blank app and it works (mostly) as expected.
- I created a blank app (with a `login_with_form()` check in the client)
- I set the Users service to “email and password”, enabled 2FA and “reset 2FA by email”
- I set up a test user (myself) and set up a password
- I ran the app, seeing “no authentication methods available”, which I believe is to be expected at this stage.
- I clicked “reset 2FA by email”
- I clicked that link in my email, scanned the QR code, entered in the password and 6 digit pin, and was allowed into the app.
Now, one thing that was weird was that, when I clicked “force 2FA authentication on next login” (in the Users service), to try all of this again, the pins generated by my authenticator app would not work. I had to add another account in my authenticator app which allowed me to scan the QR code again. Then the generated pin was accepted.
If you use this app, and follow those steps above (but add your email and set up a password of course), can you make any progress?
https://anvil.works/build#clone:F5MHDBM6BIFETLZG=CT67TZEGRXOF7Q4Q7XZTXZHN
I can try this, however, we have an app with existing users, which is why I was trying to test what happens when existing users try to log in to an app where 2FA has been added/enabled.
In testing, I requested a new account via ‘signup for new account’ - it successfully sent the confirmation email, 2FA QR code, etc., and accepted the code from my authenticator. I ran into trouble because the account was not enabled, etc, and trying to reset messed something up such that nothing would work. We will likely not try to include this until we get a better handle on 2FA and more thoroughly test.
Thanks for the help though.
Yes, but if you test it once you add yourself as a user, you will be testing against an existing user.
Trying 2FA with a basic clone that we know works seems like a good way to identify the source of the issue.
Good luck!