Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement two-step verification for lazer sessions #9592

Closed
3 tasks
cdwcgt opened this issue Dec 5, 2022 · 1 comment
Closed
3 tasks

Implement two-step verification for lazer sessions #9592

cdwcgt opened this issue Dec 5, 2022 · 1 comment

Comments

@cdwcgt
Copy link

cdwcgt commented Dec 5, 2022

for this case ppy/osu#20590
need osu-web to restrict unauthenticated lazer sessions until they verify their session(or access_token?) by email

My assumption is that when the session owned by lazer is not authenticated, all api which can write(submit score, chat, comment etc.) will return HTTP 403 (401 will may make lazer make lazer think the token is expired or not verified, or state the reason in the return) then lazer will push a Email verification window like web do, then send code by api.

So (I think) we need:

  • Implement restrictions on unauthenticated access token. (only scope:public can use)
  • a api to issues a new code (send limit consideration?) (like home/account/reissue-code ?)
  • a api to receive and check code (like /home/account/verify)
@Joehuu
Copy link
Member

Joehuu commented Feb 22, 2025

Has since been done.

@Joehuu Joehuu closed this as completed Feb 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdwcgt @Joehuu