Before this, users who only signed in with OAuth2 were not able to verify their sessions with MFA because their session already used an email factor and they couldn't use an additional email factor. This commit changes the OAuth2 session to include 2 factors: email and oauth2. This second special factor is used to bypass MFA checks. It is fine to bypass MFA checks because OAuth2 is supposed to handle the entire authentication process, verifying who the user is, and we, as the resource provider, only need to trust the OAuth2 provider.

- api
- shared
- web
- general.php
- mock.php