Forum Academy Marketplace Showcase Pricing Features

Privacy Rules for 2FA

I’m using this plugin for 2FA on my app.

The plugin checks if the input 2FA code is valid by generating another code with a user’s secret. If the generated code matches the entered code, it logs in the user.

However, in order to generate a code to compare to the input code, it needs to fetch the user’s secret from their User object.

How can I set the Privacy Rules so that the user can only see their secret if the generated code matches the one that they entered? If I allow the user to see their own secret without any restrictions, they can simply bypass the 2FA.

That’s a tricky one.

Backend workflows can be set to ignore privacy rules though, so you could simply run a backend WF that takes the entered code to do the check and then set a flag on the user’s DB thing approving access.

Ranjit / Atomic Fusion - Accelerate your Bubble development