Failover 2FA

[ehymel]

I have multiple 2FA methods enabled (totp, two_factor_text, email) with a service implementing TwoFactorProviderDeciderInterface to pick which to use. One of these (email) is the default method and always available.

I recently encountered an issue where my SMS provider was unavailable, so anyone using text-based 2FA was unable to authenticate and login.

When multiple methods are available, it would be nice to catch any error sending the 2FA code and then try the next available method.

The flow in my case would be:

login --> send 2fa code via text --> fail --> send 2fa code via email

I wouldn't mind working on this if you could point me to a hook in the code to implement.

[scheb]

This is where the provider preparation is executed and where a fallback logic would need to go:

2fa/src/bundle/Security/TwoFactor/Provider/TwoFactorProviderPreparationListener.php

Line 114 in 43051f8

$this->providerRegistry->getProvider($providerName)->prepareAuthentication($user);