Where does the force URL parameter come from in the MFA setup page?

❌Unsolved❓Question

I noticed that the force prop in the MFA setup component is taken directly from the URL:

/ui/v2/login/mfa/set?loginName=XXX&force=false&checkAfter=true&sessionId=XXX&requestId=oidc_V2_XXX&organization=XXX

/ui/v2/login/mfa/set?loginName=XXX&force=false&checkAfter=true&sessionId=XXX&requestId=oidc_V2_XXX&organization=XXX

In the code:

<ChooseSecondFactorToSetup
  userId={sessionWithData.factors?.user?.id}
  loginName={loginName}
  sessionId={sessionWithData.id}
  requestId={requestId}
  organization={organization}
  loginSettings={loginSettings}
  userMethods={sessionWithData.authMethods ?? []}
  phoneVerified={sessionWithData.phoneVerified ?? false}
  emailVerified={sessionWithData.emailVerified ?? false}
  checkAfter={checkAfter === "true"}
  force={force === "true"}
></ChooseSecondFactorToSetup>

<ChooseSecondFactorToSetup
  userId={sessionWithData.factors?.user?.id}
  loginName={loginName}
  sessionId={sessionWithData.id}
  requestId={requestId}
  organization={organization}
  loginSettings={loginSettings}
  userMethods={sessionWithData.authMethods ?? []}
  phoneVerified={sessionWithData.phoneVerified ?? false}
  emailVerified={sessionWithData.emailVerified ?? false}
  checkAfter={checkAfter === "true"}
  force={force === "true"}
></ChooseSecondFactorToSetup>

My questions is:
- Where does this force parameter in the URL originate?
- Is it connected in any way to the “Force MFA for all users” setting in the admin panel?

Where does the force URL parameter come from in the MFA setup page?

❌Unsolved❓Question

I noticed that the force prop in the MFA setup component is taken directly from the URL:

/ui/v2/login/mfa/set?loginName=XXX&force=false&checkAfter=true&sessionId=XXX&requestId=oidc_V2_XXX&organization=XXX

/ui/v2/login/mfa/set?loginName=XXX&force=false&checkAfter=true&sessionId=XXX&requestId=oidc_V2_XXX&organization=XXX

In the code:

<ChooseSecondFactorToSetup
  userId={sessionWithData.factors?.user?.id}
  loginName={loginName}
  sessionId={sessionWithData.id}
  requestId={requestId}
  organization={organization}
  loginSettings={loginSettings}
  userMethods={sessionWithData.authMethods ?? []}
  phoneVerified={sessionWithData.phoneVerified ?? false}
  emailVerified={sessionWithData.emailVerified ?? false}
  checkAfter={checkAfter === "true"}
  force={force === "true"}
></ChooseSecondFactorToSetup>

<ChooseSecondFactorToSetup
  userId={sessionWithData.factors?.user?.id}
  loginName={loginName}
  sessionId={sessionWithData.id}
  requestId={requestId}
  organization={organization}
  loginSettings={loginSettings}
  userMethods={sessionWithData.authMethods ?? []}
  phoneVerified={sessionWithData.phoneVerified ?? false}
  emailVerified={sessionWithData.emailVerified ?? false}
  checkAfter={checkAfter === "true"}
  force={force === "true"}
></ChooseSecondFactorToSetup>

My questions is:
- Where does this force parameter in the URL originate?
- Is it connected in any way to the “Force MFA for all users” setting in the admin panel?

Where does the force URL parameter come from in the MFA setup page?

Where does the force URL parameter come from in the MFA setup page?

Continue the conversation

ZITADEL

Continue the conversation

ZITADEL

Similar Threads