Block enabling 2fa if cookie policy not accepted

Question

Block enabling 2fa if cookie policy not accepted

HaoK opened this issue 6 years ago · 2 comments

Not accepting the cookie policy prevents temp cookies from being used which interrupts 2fa flows like displaying recovery codes (which is an issue during registration).

The fix for 2.2 is to block the ability to enable 2fa when cookie consent is not given.

Answer 1 · 2018-10-30T21:09:11.000Z

Do we need another bug opened to track the 3.0 work where we want to see if we can just make this all work?

cc @ajcvickers

Answer 2 · 2018-10-30T23:25:53.000Z

3.0 bug: https://github.com/aspnet/Identity/issues/2039