Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
1.5.0
-
None
-
None
Description
When the TOTP auth extension is used with a JDBC auth extension, a TOTP secret will be generated and stored for each user. However, if multiple different JDBC auth extensions are used simultaneously, a different key will be generated for each, only one of which will be presented in the UI for ingestion into a TOTP phone app or similar.
When attempting to authenticate, only the secret stored in the database that presented the secret in the UI will generate a matching code - the other one will never match, resulting in the auth attempt being rejected.