cameleer/cameleer-saas
2
0
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(sign-in): TOTP enrollment QR branding and verification failure
Some checks failed
CI / build (push) Successful in 3m6s
Details
CI / docker (push) Failing after 10s
Details

Browse Source 
Two bugs in the sign-in UI's TOTP MFA enrollment flow:

1. Auth app displayed the PC hostname and "Platform Owner" instead of
   "Cameleer" and the user's email. The sign-in UI was rendering Logto's
   pre-generated QR code which uses the ENDPOINT hostname as issuer.
   Now generates our own otpauth:// URI with proper branding, rendered
   client-side via qrcode.react.

2. TOTP code verification returned 400 "Invalid TOTP code". The
   verifyTotpSetup() call was missing the required verificationId
   parameter — Logto's Experience API needs it to locate the pending
   secret during enrollment.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-28 18:34:52 +02:00
parent 3aba32302a
commit fcb25778e1
4 changed files with 21 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ui/sign-in/package-lock.json generated
View File

@@ -10,6 +10,7 @@
"dependencies": {
"@cameleer/design-system": "^0.1.54",
"@simplewebauthn/browser": "^13.3.0",
"qrcode.react": "^4.2.0",
"react": "^19.0.0",
"react-dom": "^19.0.0"
},
@@ -1905,6 +1906,15 @@
"node": "^10 || ^12 || >=14"
}
},
"node_modules/qrcode.react": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/qrcode.react/-/qrcode.react-4.2.0.tgz",
"integrity": "sha512-QpgqWi8rD9DsS9EP3z7BT+5lY5SFhsqGjpgW5DY/i3mK4M9DTBNz3ErMi8BWYEfI3L0d8GIbGmcdFAS1uIRGjA==",
"license": "ISC",
"peerDependencies": {
"react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
}
},
"node_modules/react": {
"version": "19.2.4",
"resolved": "https://registry.npmjs.org/react/-/react-19.2.4.tgz",