Out of interest, do you just have a plug checking if the user has passed a 2fa check, if not redirect? Or is there something in Ueberauth I missed where you can chain “challenges” together?
After password verification for internal accounts, we check 2FA in a new callback function.
router

scope "/identity" do
  post "/callback", Auth.UeberauthController, :identity_callback

  scope "/token" do
    get "/", Auth.UeberauthController, :token
    post "/callback", Auth.UeberauthController, :token_callback
  end
end
UeberauthController

defmodule Auth.UeberauthController do
  ...

  def identity_callback(conn, params) do
    ...
    case user.data["authenticator"] do
      "true" ->
        conn
        |> put_session(:current_user, user)
        |> render(:token, callback_url: Helpers.callback_url(conn), user: user)

      _ ->
        ...
    end
  end

  def token_callback(conn, params) do
    ...
    case AuthToken.validate_user_token(email, subdomain, token) do
      {:ok, _pass} ->
        conn
        |> sign_in(user, attrs, locale)
        ...

      {:error, _reason} ->
        ...
    end
  end
end
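The two-step flow above (password callback, then a separate token callback that finishes the login) can also be expressed as a small session state machine, which is what the question about "chaining challenges" is really asking for. The following is an added example, not code from the poster or from Ueberauth. It is written against Plug.Conn only; the module names, the session keys `:pending_2fa_user`, `:pending_2fa_attempts` and `:current_user`, the `"authenticator"` map key and the attempt limit are all assumptions for illustration, and the actual code verification is passed in as a function so no particular TOTP library is assumed.

```elixir
# Added example (not the poster's code): a two-stage session model for the
# password-then-token login described above. Session keys, module names and
# the attempt limit are assumptions; verification of the submitted code is
# delegated to a caller-supplied function.

defmodule Demo.Plugs.RequireSecondFactor do
  @moduledoc """
  Gate for routes that need a fully authenticated user.

  The password step parks the account under :pending_2fa_user only; the
  :current_user key is written solely once the second factor verifies, so a
  plug that keys on :current_user cannot mistake a half-finished login for a
  complete one.
  """
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    case get_session(conn, :current_user) do
      nil ->
        # Not fully authenticated: send the browser to the token page.
        conn
        |> put_resp_header("location", "/identity/token")
        |> send_resp(302, "")
        |> halt()

      _user ->
        conn
    end
  end
end

defmodule Demo.TwoFactorSession do
  @moduledoc "Session transitions for the two-step login."
  import Plug.Conn

  # Assumed limit on wrong codes before the pending login is discarded.
  @max_attempts 5

  # Called from the password callback once the password has been verified.
  # Accounts with an authenticator enrolled are parked rather than signed in.
  def after_password(conn, %{"authenticator" => "true"} = user) do
    conn
    |> put_session(:pending_2fa_user, user)
    |> put_session(:pending_2fa_attempts, 0)
  end

  # No second factor enrolled: the password alone completes the login.
  def after_password(conn, user), do: complete_sign_in(conn, user)

  # Called from the token callback with the code the user submitted.
  # verify_fun.(user, code) must return true only for a valid code.
  def after_token(conn, submitted_code, verify_fun) do
    user = get_session(conn, :pending_2fa_user)
    attempts = get_session(conn, :pending_2fa_attempts) || 0

    cond do
      user == nil ->
        # Token posted without a preceding password step.
        {:error, :no_pending_login, conn}

      attempts >= @max_attempts ->
        # Too many wrong codes: force the password step to be repeated.
        {:error, :too_many_attempts, clear_pending(conn)}

      verify_fun.(user, submitted_code) ->
        {:ok, complete_sign_in(clear_pending(conn), user)}

      true ->
        {:error, :invalid_code,
         put_session(conn, :pending_2fa_attempts, attempts + 1)}
    end
  end

  # Only this function ever writes :current_user, and it renews the session
  # id so the pre-login session cannot be carried across the privilege change.
  defp complete_sign_in(conn, user) do
    conn
    |> configure_session(renew: true)
    |> put_session(:current_user, user)
  end

  defp clear_pending(conn) do
    conn
    |> delete_session(:pending_2fa_user)
    |> delete_session(:pending_2fa_attempts)
  end
end
```

Wired into the router above, `plug Demo.Plugs.RequireSecondFactor` would sit in the pipeline for everything except the `/identity` scope, while `identity_callback` would call `Demo.TwoFactorSession.after_password/2` and `token_callback` would call `after_token/3`. Keeping the pending and completed states under different session keys is the design choice that makes the plug check trivial; the renewed session id on completion and the bounded attempt counter are the two details a reviewer would look for in any hand-rolled second-factor step.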