Skip to content

Allow TwoFactor providers to be stateless #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
johanib wants to merge 2 commits into
base: 8.x
Choose a base branch
from
Open

Allow TwoFactor providers to be stateless #308

johanib wants to merge 2 commits into from

Conversation

@johanib
Copy link

@johanib johanib commented Jan 13, 2026
edited
Loading

Prior to this change, there was no way to determine if a two-factor provider needed preparation before authentication.

This change introduces the needsPreparation method in the TwoFactorProviderInterface and its implementations, allowing the system to skip the preparation process for providers that do not require it. The preparation process requires state.

For example:
Prior to this change, if no state was available, the Totp and Google authenticators would fail, even if they are stateless.

Now, non-bc breaking.

Fixes #306

@johanib @Tjeerd
Allow TwoFactor providers to be stateless
fb09d0a 
Prior to this change, there was no way to determine if a two-factor provider needed preparation before authentication.

This change introduces the needsPreparation method in the TwoFactorProviderInterface and its implementations, allowing the system to skip the preparation process for providers that do not require it. The preparation process requires state.

For example:
Prior to this change, if no state was available, the  Totp and Google authenticators would fail, even if they are stateless.

Co-authored-by: Tjeerd <tjeerd@ibuildings.nl>
@johanib johanib force-pushed the optional-preparation-4-non-breaking branch from d7a1bf2 to 2df4f9c Compare January 13, 2026 07:45
@johanib johanib mentioned this pull request Jan 13, 2026
Open
@johanib johanib marked this pull request as ready for review January 13, 2026 07:46
@johanib
Make needsPreparation a soft requirement to prevent b/c break
81f6039 
Prior to this change, the needsPreparation method would break existing
implementations.

This change makes the change not break existing TwoFactorProviders by not actually defining the `needsPreparation` in the interface.
This is to be implemented in version 9 of the 2fa package.
@johanib johanib force-pushed the optional-preparation-4-non-breaking branch from 2df4f9c to 81f6039 Compare January 13, 2026 07:49
@johanib johanib mentioned this pull request Jan 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for 2FA in applications without state

1 participant

@johanib