Skip to content

Allow TwoFactor providers to be stateless #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
johanib wants to merge 1 commit into from
Closed

Allow TwoFactor providers to be stateless #307

johanib wants to merge 1 commit into from

Conversation

@johanib
Copy link

@johanib johanib commented Jan 12, 2026
edited
Loading

Prior to this change, there was no way to determine if a two-factor provider needed preparation before authentication.

This change introduces the needsPreparation method in the TwoFactorProviderInterface and its implementations, allowing the system to skip the preparation process for providers that do not require it. The preparation process requires state.

For example:
Prior to this change, if no state was available, the Totp and Google authenticators would fail, even if they are stateless.

Fixes: #306

This PR introduces backward incompatible changes, as custom implementations need to implement the additional method.

@johanib johanib mentioned this pull request Jan 12, 2026
Open
@johanib @Tjeerd
Allow TwoFactor providers to be stateless
fb09d0a 
Prior to this change, there was no way to determine if a two-factor provider needed preparation before authentication.

This change introduces the needsPreparation method in the TwoFactorProviderInterface and its implementations, allowing the system to skip the preparation process for providers that do not require it. The preparation process requires state.

For example:
Prior to this change, if no state was available, the  Totp and Google authenticators would fail, even if they are stateless.

Co-authored-by: Tjeerd <tjeerd@ibuildings.nl>
@johanib johanib force-pushed the optional-preparation-4 branch from 1bfe17b to fb09d0a Compare January 12, 2026 11:24
@scheb
Copy link
Owner

scheb commented Jan 12, 2026

Bummer, it must have somehow gotten lost during all those rebase/rewrite operations on the 8.x branch :(

Happy to introduce it back in, but then the introduction of the needsPreparation method would be a breaking change for the TwoFactorProviderInterface. So the way forward would be to "soft-introduce" it with an annotation and have checks, whether the method is declared - otherwise assume it false to return to the old behavior.

@johanib
Copy link
Author

johanib commented Jan 13, 2026

I added a backwards compatible version in #308

@scheb scheb closed this Jan 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for 2FA in applications without state

2 participants

@johanib @scheb