two factor with social

Hey I see in the documentation that enabling two factor requires a password

const { data } = await authClient.twoFactor.enable({
  password: "password", // user password required
  issuer: "my-app-name", // Optional, defaults to the app name
});

const { data } = await authClient.twoFactor.enable({
  password: "password", // user password required
  issuer: "my-app-name", // Optional, defaults to the app name
});

what happens when I am using social login

5 Replies

LmvdzandeOP•5mo ago

and if it is indeed only allowed for email/password based users, how do I check if the user that is loggedin is a email/password user and not a google social login

rocketkittens•3mo ago

Hello, i would also like clarification on if 2FA works with Social Sign-In and if this even makes sense to do because social sign-in provdiers provide their own 2FA right? Can someone please advise? Thank you

Ping•3mo ago

We treat multi-factor authentication with OAuth by relying on the end-providers systems. Meaning if a user signed in with social login, then they should setup 2FA on that social provider they logged in with.

rocketkittens•3mo ago

Thank you, this lines up with my observations, so if i make an app with only social provider login (no email/password login) then twoFactor plugin is not applicable.

Ping•3mo ago

Yes. However you do have the option to setup a forgot-password flow for your users, which then allows them to set a new password. This way, they can also setup 2FA.

Gaming

Programming

two factor with social

Did you find this page helpful?