symfony 5.4 firewall with custom_authenticator about 2fa HOT 3 CLOSED

Since you're seeing the Two-factor provider "email" prepared. message in the logs, the preparation did take place. So it must be related with preparation state - how the bundle remembers if preparation for a 2fa-provider already took place. The bundle stores that state in the security token. So my guess would be one of:

• the state of the security token was not persisted, so you're losing the information about preparation on the next request
• the state of the security token is not properly recovered on the next request
• something in your application is recreating the security token from scratch and not taking over the preparation state

First thing that I'd do: check how the security looks like on the request, when you get that error message.

from 2fa.

Dump the security token (you get that from the security.token_storage service).

It must be a TwoFactorToken in the phase between "login" and "authentication complete", when the applications waits for the user to enter the security code.

See TwoFactorToken implementation.

The prepared 2fa providers are remembered in the token, specifically in the $preparedProviders property.

from 2fa.

@scheb we are right on the third point that I am creating security token from scratch with the help of JWT provider. So how to check or enable taking over the preparation state .
Do you have any example for that?

check how the security looks like on the request

For that quote: what is the class should I check please?

from 2fa.