Skip to content

fix: device tracking for MFA #14626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: device tracking for MFA #14626

wants to merge 1 commit into from
+88 −1

Conversation

@soberm
Copy link
Contributor

@soberm soberm commented Nov 14, 2025

Description of changes

Enhanced MFA challenge flow to support device authentication by adding device metadata retrieval and DEVICE_SRP_AUTH handling. Modified handleMFAChallenge function to include device metadata in challenge responses and added proper handling for DEVICE_SRP_AUTH challenges. This solves the issue where a device is remembered multiple times when using MFA.

Key changes:
• Added tokenOrchestrator parameter to HandleAuthChallengeRequest interface
• Modified handleMFAChallenge to call getDeviceMetadata and include DEVICE_KEY in responses when device metadata exists
• Added DEVICE_SRP_AUTH challenge detection that invokes handleDeviceSRPAuth with correct parameters
• Streamlined implementation maintains existing challenge handling patterns for consistency

Issue #, if available

#14622

Description of how you validated changes

• Unit tests

Checklist

• [x] PR description included
• [x] yarn test passes
• [x] Unit Tests are changed or added
• [ ] Relevant documentation is changed or added (and PR referenced)

Checklist for repo maintainers

• [ ] Verify E2E tests for existing workflows are working as expected or add E2E tests for newly added workflows
• [ ] New source file paths included in this PR have been added to CODEOWNERS, if appropriate

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

bobbor
bobbor approved these changes Nov 14, 2025
View reviewed changes
Copy link
Member

@bobbor bobbor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NOICE

@soberm soberm added the run-tests run the pr-label workflow label Nov 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bobbor bobbor bobbor approved these changes

@ahmedhamouda78 ahmedhamouda78 ahmedhamouda78 approved these changes

@pranavosu pranavosu Awaiting requested review from pranavosu pranavosu is a code owner

@sarayev sarayev Awaiting requested review from sarayev sarayev is a code owner

@avi-karthik avi-karthik Awaiting requested review from avi-karthik avi-karthik is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

run-tests run the pr-label workflow

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@soberm @bobbor @ahmedhamouda78