Mastodon OAuth Login Bug With 2FA #1872

@ghost

Description

Hello.

I am developing a small PHP application that allows users to log in with Mastodon using OAuth.

The login flow works normally for accounts without two factor authentication:

  1. User clicks login
  2. Mastodon authorization page opens
  3. User approves the application
  4. User is redirected to my callback.php
  5. Login completes successfully

However, when a user has 2FA enabled on their Mastodon account, the behavior changes.

The flow becomes:

  1. User approves the application
  2. Mastodon asks for the 2FA code
  3. User enters the code
  4. After successful verification the user is not redirected to my callback URL

Because of this, the OAuth login process never finishes.

My question is:

Is there an additional step required in the OAuth flow when 2FA is enabled,
or could this be a bug with the redirect after 2FA verification?

Has anyone experienced this before?

Thank you.

auth_check.php
callback.php
login.php
mastodon_helpers.php
config.php
