Allow users to choose one method instead of all when 2FA is enforced about security-package HOT 4 CLOSED

Thanks for the update / context. We're having the described problem / behaviour with a merchant on Magento v2.3.6-p1. I'll let them know that the experience is different with v2.4.0+. We're likely to need something in the short term while the 2.4 upgrade is in progress; I'll have a look at the linked pull request for inspiration on what can/shouldn't be changed locally.

from security-package.

Thank you for opening this issue! I am closing this along with others due to 2fa currently undergoing a very large internal rewrite/refactor this change will not be needed in the new version.

from security-package.

@nathanjosiah Please can you provide a link to the work that you've suggested was underway last year? We have exactly the problem described in this issue. What's the timeline for the work you've mentioned? Would you be willing to accept a pull request that solves this problem in the meantime?

from security-package.

Hello @fredden The work can be seen in #230. The security package 1.0.0 version that released alongside magento 2.4.0 came with a huge refactor/rewrite of 2fa. The merchant is able to configure which 2fa methods are enabled and the admins have to configure each of them. However, once they are configured the user may choose which one they want to use. We do allow the user to bypass configuration of methods as long as there is at least one method configured. But this is mainly to support workflows where a merchant may require multiple methods but the user is temporarily only able to configure one of them (for example if they do not yet have the company issued U2F physical key).

from security-package.