Two-factor auth breaks third-party app authorization


It seems users who have enabled two-factor verification are having problems logging into not only our apps but other apps, as well.


Got the same problem. Any pointers to what changes are needed in the client auth process?


There’s a special condition you can choose to handle for xAuth in this case – we recently updated the xAuth documentation to reflect this: [node:136]. (note the new “login verification” section).

If you’re using the web-based OAuth flow, login verification is handled as part of that – though there is currently a bug with the usage of the force_login=true parameter that is working toward resolution.


@episod - getting “Sorry, that page doesn’t exist” with web-based OAuth flow after logging in but before redirect with login verification enabled. No force_login=true is used.


@episod Have the same problem as @jcarty: “Sorry, that page doesn’t exist” and a dead end. Our users in production are starting to report login problems, please help!


This seems related:


Not working here also


The fix for this is taking a little longer than we expected but we’re on top of it.




I too am experiencing issues with the two-factor web-based OAuth login flow on our apps. The redirect to ‘GET /account/login_verification/sms?’ returns an HTTP 302 error with /?login_verification_error=BadSessionLoginVerification - any ideas?