Hello,
I’m trying to implement a 2FA provider and I’m having some trouble.
Before sending the challenge, I need to obtain a challenge nonce from my application. These are the steps I have implemented:
- created a new ChallengeController with function getChallenge() and annotated this function as @PublicPage
- this function creates the nonce and returns an array for example (in order to return JSON response)
- registered the route:
    return [
        'routes' => [
            ['name' => 'challenge#get_challenge', 'url' => '/auth/challenge', 'verb' => 'GET'],
        ]
    ];
- created a provider template with one button (there is also a valid form with the challenge in order for it to work with the provider, but for simplicity assume one button)
- in the template, include the local javascript file challenge.js by using
    <?php
    script('twofactor_webeid', 'challenge');
    ?>
- in the javascript file, let’s add a handler for getting the challenge nonce from my app:
    button.addEventListener("click", async () => {
        try {
            var challengeNonce = "";
            var url = OC.generateUrl(
                '/apps/my_app_id/auth/challenge'
            );
            var request = $.ajax(url, {
                method: "GET",
            });
            $.when(request).done(function(data) {
                challengeNonce = data;
            }).fail(function() {
                console.log("error");
            });
            console.log("after request");
        } catch (e) {
            console.log(e);
        }
    });
So, here is the PROBLEM I’m trying to solve:
- “after request” is actually displayed BEFORE the “error” (this is not the main problem, but still not expected)
- when I tried to look up what the error was, I had to debug the code itself, and in OC\AppFramework\App::main found out that the output message is "{"message":"CSRF check failed"}"
How do I solve this? Do I need to disable the CSRF check with the @NoCSRFRequired annotation? I would rather not do this unless I really have to.
Thanks, Petr.
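
As an added example that is not part of the original post: the same GET request sent with the CSRF token in the `requesttoken` header and awaited, so that code after the call runs only once the response has arrived. The function names, the token value and `fakeServer` (a constructed stand-in for the server-side check) are assumptions for illustration.

```javascript
// Hypothetical helper: build the request, carrying the CSRF token
// in the `requesttoken` header instead of disabling the check.
function buildChallengeRequest(url, requestToken) {
  return {
    url,
    options: { method: "GET", headers: { requesttoken: requestToken } },
  };
}

// Await the response; on failure, surface the server's reason, not a bare "error".
async function fetchChallengeNonce(url, requestToken, fetchImpl) {
  const { options } = buildChallengeRequest(url, requestToken);
  const response = await fetchImpl(url, options);
  const body = await response.json();
  if (!response.ok) {
    throw new Error(`challenge request failed (${response.status}): ${body.message}`);
  }
  return body;
}

// Constructed stand-in for the server: rejects requests lacking the session token.
const SESSION_TOKEN = "constructed-token-123";
async function fakeServer(url, options) {
  const sent = (options.headers || {}).requesttoken;
  if (sent !== SESSION_TOKEN) {
    return { ok: false, status: 412, json: async () => ({ message: "CSRF check failed" }) };
  }
  return { ok: true, status: 200, json: async () => ({ nonce: "constructed-nonce" }) };
}

// Runs both cases and records the order in which things happen.
async function demo() {
  const events = [];
  const url = "/apps/my_app_id/auth/challenge";
  try {
    await fetchChallengeNonce(url, "", fakeServer); // no token: rejected
  } catch (e) {
    events.push(e.message);
  }
  const data = await fetchChallengeNonce(url, SESSION_TOKEN, fakeServer);
  events.push("nonce: " + data.nonce);
  events.push("after request"); // reached only after the response is handled
  return events;
}
```

In the browser the call would be `fetchChallengeNonce(OC.generateUrl('/apps/my_app_id/auth/challenge'), OC.requestToken, window.fetch.bind(window))`, assuming the page exposes `OC.requestToken`.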