identify: validate mfa methods against user's enabled methods

2026-02-12 19:22:45 +00:00 · 2025-04-30 11:48:50 +05:00
parent 8d3b0d6dbf
commit 182558136a
1 changed files with 1 additions and 1 deletions
--- a/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs
+++ b/Streetwriters.Identity/Validation/CustomResourceOwnerValidator.cs
@@ -84,7 +84,7 @@ namespace Streetwriters.Identity.Validation
                    var mfaCode = context.Request.Raw["mfa:code"];
                    var mfaMethod = context.Request.Raw["mfa:method"];

-                    if (string.IsNullOrEmpty(mfaCode) || !MFAService.IsValidMFAMethod(mfaMethod))
+                    if (string.IsNullOrEmpty(mfaCode) || !MFAService.IsValidMFAMethod(mfaMethod, user))
                    {
                        var sendPhoneNumber = primaryMethod == MFAMethods.SMS || secondaryMethod == MFAMethods.SMS;