By: Stephen Charlton user 11 Nov 2021 at 7:56 a.m. CST

1 Response
We are evaluating Gluu custom MFA. One of the requirements we must meet is for users who have not enrolled 2FA credentials to be forced to do so during the login flow. As mentioned in the documentation here https://gluu.org/docs/casa/4.2/administration/2fa-basics/#enrolling-credentials-upon-registration-or-first-login we have altered the login flow to check for credentials and redirect to custom pages that implement enrolment.

We have added the following two extra steps to our login interception script if the user has not enrolled 2FA:

- A step where users can enter their phone number and are sent an OTP.
- A step where users enter the OTP they received and, if it is correct, their phone number is stored in the database.

We now have a further requirement: in the enter OTP page (step 2 above), we need to add an “enter your phone again” link which, when clicked, redirects back to the previous step (1 above), allowing the user to enter their phone again.

How can this be implemented?

Many thanks in advance,
Stephen

By Madhumita Subramaniam staff 11 Nov 2021 at 11:20 p.m. CST

Hi,

Take a look at `getNextStep` here - https://github.com/GluuFederation/oxAuth/blob/master/Server/integrations/basic.reset_to_step/BasicResetToStepExternalAuthenticator.py
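
An added sketch of the step-reset decision that `getNextStep` could make for the flow in the question. It is not code from the linked Gluu script or from either poster. The step numbers, the `reenter_phone` form parameter, the session keys and the retry cap are assumptions, and a plain dict stands in for the session's working parameters so the logic runs outside oxAuth.

```python
# Added sketch in plain Python. In a real interception script this logic would
# sit inside the script class's getNextStep method and keep its state in the
# session's working parameters instead of a dict.

NO_OVERRIDE = -1        # getNextStep return value that leaves the flow unchanged
STEP_ENTER_PHONE = 2    # assumed step number of the "enter phone" page
STEP_ENTER_OTP = 3      # assumed step number of the "enter OTP" page
MAX_PHONE_RETRIES = 3   # assumed cap so the link cannot trigger unlimited SMS


def first_value(request_parameters, name):
    """Request parameters map a name to a list of values; take the first."""
    values = request_parameters.get(name) or []
    return values[0] if values else None


def wants_phone_again(request_parameters, step):
    """True when the OTP page was submitted through the re-enter link."""
    return (step == STEP_ENTER_OTP
            and first_value(request_parameters, "reenter_phone") == "true")


def get_next_step(session, request_parameters, step):
    """Return the step to reset to, or NO_OVERRIDE to continue normally."""
    if not wants_phone_again(request_parameters, step):
        return NO_OVERRIDE
    retries = session.get("phone_retries", 0)
    if retries >= MAX_PHONE_RETRIES:
        return NO_OVERRIDE  # cap reached: no further resets or resends
    session["phone_retries"] = retries + 1
    # Drop state tied to the old number so an OTP issued for it cannot be
    # used to confirm a different phone entered after the reset.
    session.pop("pending_otp", None)
    session.pop("pending_phone", None)
    return STEP_ENTER_PHONE


if __name__ == "__main__":
    # Constructed sample: the user clicks the link on the OTP page.
    demo_session = {"pending_otp": "123456", "pending_phone": "+15550100"}
    print(get_next_step(demo_session, {"reenter_phone": ["true"]}, STEP_ENTER_OTP))
    print(demo_session)
```

Clearing the pending OTP and phone on reset, and capping how often the link can be used, keeps the extra navigation path from weakening the enrolment check.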