It seems users who have enabled two-factor verification are having problems logging into not only our apps but other apps, as well.
Got the same problem. Any pointers to what changes needed in the client auth process?
There’s a special condition you can choose to handle for xAuth in this case – we recently updated the xAuth documentation to reflect this: [node:136]. (note the new “login verification” section).
If you’re using the web-based OAuth flow, login verification is handled as part of that – though there is currently a bug with the usage of the force_login=true parameter that is working toward resolution.
@episod - getting “Sorry, that page doesn’t exist” with web-based OAuth flow after logging in but before redirect with login verification enabled. No force_login=true is used.
Not working here also
The fix for this is taking a little longer than we expected but we’re on top of it.
I too am experiencing issues with the two-factor web-based OAuth login flow on our apps, the redirect to ‘GET /account/login_verification/sms?’ returns HTTP 302 error with /?login_verification_error=BadSessionLoginVerification - any ideas?