[GH-ISSUE #100] Recovery keys #31

Open
opened 2026-02-26 05:32:31 +03:00 by kerem · 4 comments

Originally created by @morph027 on GitHub (Aug 27, 2018).
Original GitHub issue: https://github.com/nextcloud/twofactor_gateway/issues/100

This just crossed my mind:

  • user has set up a Signal gateway (not sure how the implementations are handling new keys)
  • user is using 2F
  • user gets a new phone, installs Signal, gets new keys
  • wants to log in to Nextcloud
  • gateway refused to send due to security constraints (keys are not matching)

When enabling 2F like this, we should probably spit out some recovery keys like with TOTP (if I remember).


@ChristophWurst commented on GitHub (Aug 27, 2018):

> gateway refused to send due to security constraints (keys are not matching)

Haven't found about that scenario but yes, this needs some error handling. Do you happen to know if the gateway will communicate this error via its REST API?


@ChristophWurst commented on GitHub (Aug 27, 2018):

> gateway refused to send due to security constraints (keys are not matching)

Generally, people should generate backup codes for these situations. However, we currently can't enforce that (yet).


@morph027 commented on GitHub (Aug 27, 2018):

Not sure if it's possible with the Signal app... anyway, we can add a notice on how to act in this case (manually deleting the file on the gateway).

I can catch the error and answer accordingly.


@morph027 commented on GitHub (Aug 27, 2018):

New version should return

{'success': False, 'error': 'remote identity is not trusted'}

in case it happens.
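
One way a caller could handle the reply quoted in the last comment, as an added example that is not code from the gateway or from twofactor_gateway. It assumes the REST API returns that dict as JSON; the function, enum and constant names are hypothetical.

```python
import json
import logging
from enum import Enum

log = logging.getLogger("twofactor_gateway.example")

# Error string quoted in the thread; every other name here is hypothetical.
UNTRUSTED_IDENTITY = "remote identity is not trusted"
# Constructed sample: the quoted reply, assumed to arrive as JSON.
SAMPLE_REPLY = '{"success": false, "error": "remote identity is not trusted"}'


class SendResult(Enum):
    SENT = "sent"
    IDENTITY_CHANGED = "identity_changed"  # recipient's Signal keys changed
    FAILED = "failed"                      # any other gateway failure


def classify_gateway_reply(body):
    """Map a gateway reply body to an outcome, failing closed on anything odd."""
    try:
        reply = json.loads(body)
    except (TypeError, ValueError):
        return SendResult.FAILED
    if not isinstance(reply, dict):
        return SendResult.FAILED
    # Only the literal boolean true counts as success ("true", 1, ... do not).
    if reply.get("success") is True:
        return SendResult.SENT
    if reply.get("error") == UNTRUSTED_IDENTITY:
        return SendResult.IDENTITY_CHANGED
    return SendResult.FAILED


def user_message(result, user_id):
    """Text for the login page; the identity case is also logged for the admin."""
    if result is SendResult.SENT:
        return "A code was sent to your Signal account."
    if result is SendResult.IDENTITY_CHANGED:
        # Do not re-trust the new key automatically: a key change also occurs
        # when someone else re-registers the phone number.
        log.warning("Signal identity changed for user %s; code not sent", user_id)
        return ("Your Signal identity has changed, so no code was sent. "
                "Use a backup code or contact your administrator.")
    return "The code could not be sent. Try again or use a backup code."
```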
