important-fall-74969
02/24/2022, 10:50 AM
submitSelfServiceSettingsFlow and passing in a SubmitSelfServiceSettingsFlowWithTotpMethodBody flow body. This works great and we’re able to use it to log in.
We also want to add recovery codes (lookup secrets) parallel to the totp 2FA. So that if a user has lost access to their totp device they can use their codes. When a user adds 2FA (totp) to their account we want to generate the codes automatically and add them as a backup to that account. We’re able to generate the recovery codes and confirm them by calling submitSelfServiceSettingsFlow and passing in a SubmitSelfServiceSettingsFlowWithLookupMethodBody but after that they seem to be set as the only option for 2FA? When we next try to login the only option for 2FA is to use the recovery codes. We’re only getting the lookup_secrets node back in the flow ui and no totp nodes?
Here is the kratos config:
selfservice:
  default_browser_return_url: http://127.0.0.1:8084/
  whitelisted_return_urls:
    - http://127.0.0.1:8084
  methods:
    profile:
      enabled: true
    password:
      enabled: true
    link:
      enabled: true
      config:
        lifespan: 15m
    oidc:
      enabled: true
      config:
        providers:
          - id: github # DO NOT CHANGE IT ONCE SET!
            provider: github
            client_id: [REDACTED]
            client_secret: [REDACTED]
            mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
            scope:
              - user:email
          - id: google # DO NOT CHANGE IT ONCE SET!
            provider: google
            client_id: [REDACTED]
            client_secret: [REDACTED]
            mapper_url: file:///etc/config/kratos/oidc.google.jsonnet
            scope:
              - email
              - profile
            requested_claims:
              id_token:
                email:
                  essential: true
                email_verified:
                  essential: true
                given_name:
                  essential: true
                family_name: null
                hd: null # If you want the G Suite domain
    totp:
      enabled: true
      config:
        issuer: Comnoco.io
    lookup_secret:
      enabled: true
damp-salesclerk-26574
02/25/2022, 9:14 AM