⚓ T242031 Allow multiple different 2FA devices
Closed, Resolved
Public
Assigned To
taavi
Authored By
Reedy
Jan 6 2020, 9:47 PM
2020-01-06 21:47:04 (UTC+0)
Tags
MediaWiki-extensions-OATHAuth
(User Experience)
MW-1.40-notes (1.40.0-wmf.22; 2023-02-06)
Community-Wishlist-Survey-2023
(Backlog)
Wikimania-Hackathon-2023
(Hacking Projects)
MW-1.41-notes (1.41.0-wmf.25; 2023-09-05)
MW-1.42-notes (1.42.0-wmf.25; 2024-04-02)
MW-1.43-notes (1.43.0-wmf.5; 2024-05-14)
Patch-For-Review
Wikimedia-Hackathon-2024
(Backlog)
MediaWiki-Platform-Team (Radar)
MW-1.44-notes (1.44.0-wmf.27; 2025-04-29)
Wikimedia-Hackathon-2025
(Hacking projects)
FY2025-26 WE4.6.2 Multiple Authenticators
(Done)
MW-1.45-notes (1.45.0-wmf.13; 2025-08-05)
Referenced Files
None
Subscribers
AfroThundr3007730
Ahm_masum
Aklapper
AntiCompositeNumber
Catrope
csteipp
Daimona
View All 39 Subscribers
Description
Creating as an umbrella for T232336: Separate recovery codes into a separate 2FA module and T230042: Allow multiple TOTP devices
It should be possible to have TOTP and WebAuthn enabled
[21:28:13]
[21:29:40]
db migration progress
- checkuserwiki + techconductwiki: DONE
- remaining private wikis: DONE
- fishbowls: DONE
- wikitech: DONE
- ca wikis:
  - WRITE_BOTH | READ_OLD
  - run script
  - WRITE_BOTH | READ_NEW
  - WRITE_NEW | READ_NEW
Details
Other Assignee
Tgr
Related Changes in Gerrit:
| Subject | Repo | Branch | Lines +/- |
| --- | --- | --- | --- |
| Fix multi-key handling | mediawiki/extensions/WebAuthn | REL1_43 | +40 -69 |
| Implement function to get module from key | mediawiki/extensions/WebAuthn | REL1_43 | +9 -1 |
| Fix multi-key handling | mediawiki/extensions/OATHAuth | REL1_43 | +65 -107 |
| Mark OATHUser::getModule() as deprecated | mediawiki/extensions/OATHAuth | REL1_43 | +2 -0 |
| OATHManage: Drop use of OATHUser::getModule() | mediawiki/extensions/OATHAuth | REL1_43 | +26 -14 |
| Backlink keys back to a module | mediawiki/extensions/OATHAuth | REL1_43 | +21 -19 |
| Fix multi-key handling | mediawiki/extensions/WebAuthn | REL1_44 | +40 -69 |
| Allow using multiple modules | mediawiki/extensions/OATHAuth | master | +2 -17 |
| Fix multi-key handling | mediawiki/extensions/OATHAuth | REL1_44 | +65 -107 |
| Auth: Add authentication request indicating used module | mediawiki/extensions/OATHAuth | REL1_44 | +640 -14 |
| Fix multi-key handling | mediawiki/extensions/WebAuthn | master | +40 -69 |
| Fix multi-key handling | mediawiki/extensions/OATHAuth | master | +65 -107 |
| Auth: Add authentication request indicating used module | mediawiki/extensions/OATHAuth | master | +640 -14 |
| Do not show warning about "switching" authentication methods | mediawiki/extensions/OATHAuth | master | +12 -38 |
| OATHManage: Drop use of OATHUser::getModule() | mediawiki/extensions/OATHAuth | master | +26 -14 |
| Drop OATHUserRepository::persist() | mediawiki/extensions/OATHAuth | master | +0 -61 |
| Update preferences button to support multiple key types | mediawiki/extensions/OATHAuth | master | +37 -31 |
| Mark OATHUser::getModule() as deprecated | mediawiki/extensions/OATHAuth | master | +2 -0 |
| Stop trying to disable other modules before enabling WebAuthn | mediawiki/extensions/WebAuthn | master | +0 -11 |
| Backlink keys back to a module | mediawiki/extensions/OATHAuth | master | +21 -19 |
| Implement function to get module from key | mediawiki/extensions/WebAuthn | master | +9 -1 |
| Auth: Inject the module instead of relying on getModule() | mediawiki/extensions/OATHAuth | master | +12 -16 |
| module: Stop using getModule() to check enablement | mediawiki/extensions/WebAuthn | master | +1 -1 |
| Do not cache keys in the credential repository | mediawiki/extensions/WebAuthn | master | +19 -49 |
| OATHUser: Drop getFirstKey() | mediawiki/extensions/OATHAuth | master | +0 -11 |
| Use removeKey()/removeAll() where applicable | mediawiki/extensions/WebAuthn | master | +15 -22 |
| Make the TOTP disable form only remove that single key | mediawiki/extensions/OATHAuth | master | +85 -21 |
| Make Key objects aware of their database IDs | mediawiki/extensions/OATHAuth | master | +96 -57 |
| Remove uses of getFirstKey | mediawiki/extensions/WebAuthn | master | +15 -25 |
| Special: Cleanup module handling | mediawiki/extensions/OATHAuth | master | +18 -27 |
| HookHandler: Use isTwoFactorAuthEnabled instead of comparing modules | mediawiki/extensions/OATHAuth | master | +1 -1 |
| TOTP: Cleanup uses of getFirstKey, getModule | mediawiki/extensions/OATHAuth | master | +21 -12 |
| WebAuthnKey: Store the key id | mediawiki/extensions/WebAuthn | master | +15 -1 |
| ApiQueryOATH: do not use module to check enablement | mediawiki/extensions/OATHAuth | master | +18 -7 |
| Do not use Module when disabling OAuth for a user | mediawiki/extensions/OATHAuth | master | +19 -7 |
| Replace more users of getModule() for enabled checks | mediawiki/extensions/OATHAuth | master | +5 -11 |
| Database-level support for multiple auth devices | mediawiki/extensions/OATHAuth | master | +575 -131 |
| Drop support for old device schema | mediawiki/extensions/OATHAuth | master | +50 -128 |
| Set WRITE_NEW for CA wikis on OATHAuth multiple devices | operations/mediawiki-config | master | +1 -1 |
| Set READ_NEW for CA wikis on OATHAuth multiple devices | operations/mediawiki-config | master | +1 -1 |
| Set WRITE_BOTH for CA wikis on OATHAuth multiple devices | operations/mediawiki-config | master | +1 -1 |
| Set WRITE_NEW for Wikitech on OATHAuth multiple devices migration | operations/mediawiki-config | master | +1 -1 |
| Set WRITE_NEW for OATHAuth multiple devices on fishbowls/privates | operations/mediawiki-config | master | +2 -2 |
| Set READ_NEW for Wikitech on OATHAuth multiple devices migration | operations/mediawiki-config | master | +1 -1 |
| Set OATHAuth multiple devices WRITE_BOTH for wikitech | operations/mediawiki-config | master | +1 -0 |
| Set OATHAuth multiple devices READ_NEW for all fishbows, privates | operations/mediawiki-config | master | +2 -4 |
| Set OATHAuth multiple devices READ_NEW for checkuser, techconduct | operations/mediawiki-config | master | +2 -2 |
| Set OATHAuth multiple devices WRITE_BOTH for all privates | operations/mediawiki-config | master | +1 -0 |
| Set OATHAuth multiple devices WRITE_BOTH for all fishbowls | operations/mediawiki-config | master | +1 -0 |
| Set WRITE_BOTH for OAuth multiple devices to checkuserwiki | operations/mediawiki-config | master | +1 -0 |
| Set WRITE_BOTH for OAuth multiple devices to techconductwiki | operations/mediawiki-config | master | +1 -0 |
| Keep both tables up-to-date on WRITE_BOTH | mediawiki/extensions/OATHAuth | master | +17 -22 |
| Keep both tables up-to-date on WRITE_BOTH | mediawiki/extensions/OATHAuth | wmf/1.41.0-wmf.20 | +17 -22 |
| Keep both tables up-to-date on WRITE_BOTH | mediawiki/extensions/OATHAuth | wmf/1.41.0-wmf.22 | +17 -22 |
| OAuthUserRepository: Ensure we don't end up with duplicate rows | mediawiki/extensions/OATHAuth | wmf/1.41.0-wmf.22 | +13 -3 |
| OAuthUserRepository: Ensure we don't end up with duplicate rows | mediawiki/extensions/OATHAuth | wmf/1.41.0-wmf.20 | +13 -3 |
| OAuthUserRepository: Ensure we don't end up with duplicate rows | mediawiki/extensions/OATHAuth | master | +13 -3 |
| [beta] Read new for OATHAuthMultipleDevicesMigrationStage | operations/mediawiki-config | master | +1 -1 |
| [beta] Write both for OATHAuthMultipleDevicesMigrationStage | operations/mediawiki-config | master | +3 -0 |
| Set OATHAuthMultipleDevicesMigrationStage to MIGRATION_OLD | operations/mediawiki-config | master | +2 -0 |
| API: Do not expose the module name in the output | mediawiki/extensions/OATHAuth | master | +0 -2 |
Related Objects
Task Graph
| Status | Subtype | Assigned | Task |
| --- | --- | --- | --- |
| Open | | None | T125653 Create new types of notifications |
| Resolved | | None | T166622 Allow all users on all wikis to use OATHAuth |
| Duplicate | | None | T399651 Separate recovery codes into a separate module |
| Open | | None | T100375 Improve user experience of Two-Factor process |
| Open | | None | T352856 Recovery code improvements |
| Resolved | | Reedy | T131788 Users should be notified when only two recovery codes are left |
| Resolved | | sbassett | T150601 Add option to generate new set of recovery codes |
| Open | | None | T244348 Recovery option for WebAuthn |
| Open | | None | T356004 Help password managers to detect TOTP login input |
| Open | | None | T151738 OATH code field should show numeric keyboard on mobile devices |
| Open | | None | T399644 FY2025-26 WE4.6.2 Multiple Authenticators |
| Resolved | | sbassett | T232336 Separate recovery codes into a separate 2FA module |
| Resolved | PRODUCTION ERROR | Tgr | T368468 Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp) |
| Resolved | | Catrope | T230042 Allow multiple TOTP devices |
| Resolved | | taavi | T242031 Allow multiple different 2FA devices |
| Resolved | | Reedy | T268564 Convert OATHAuth to AbstractSchema |
| Resolved | | taavi | T330502 Create oathauth_types and oathauth_devices tables |
| Resolved | | Marostegui | T348693 Drop oathauth_users table from production |
Mentioned In
T402467: Allow users to enable multiple authenticator types
T399664: Expand 2FA Opt-In Privileges
T399645: Allow multiple TOTP and security keys on Special:OATH
T399647: Redesign 2FA login UX for multiple authenticator support
T399959: Assess and review existing tasks and patches related to supporting WE 4.6.2 2fa Multiple Authenticators work
T395507: Support multiple TOTP tokens
T393329: Support WebAuthn second factor login on Wikimedia Commons app
T393251: Support WebAuthn second factor login on Wikimedia Android app
T393250: Support WebAuthn second factor login on Wikimedia iOS app
T150562: Be able to force OATHAuth for certain user groups
T376021: Migrate WebAuthn on Wikimedia wikis to central domain
T368468: Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp)
T354701: Enable migration of WebAuthn credentials to central domain
T330502: Create oathauth_types and oathauth_devices tables
T242847: Store 2FA enrollment timestamp
T150898: Force OATHAuth (2FA) for certain user groups in Wikimedia production and Beta wikis
T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling
T230042: Allow multiple TOTP devices
T244348: Recovery option for WebAuthn
Mentioned Here
T242847: Store 2FA enrollment timestamp
T230042: Allow multiple TOTP devices
T232336: Separate recovery codes into a separate 2FA module
Duplicates Merged Here
T399645: Allow multiple TOTP and security keys on Special:OATH
T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling
T384300: Allow TOTP to be enabled at the same time as WebAuthn
T230042: Allow multiple TOTP devices
Event Timeline
There are a very large number of changes, so older changes are hidden.
Johannnes89
subscribed.
Mar 28 2025, 4:37 PM
2025-03-28 16:37:50 (UTC+0)
Bugreporter
mentioned this in
T150562: Be able to force OATHAuth for certain user groups
Mar 29 2025, 4:18 PM
2025-03-29 16:18:44 (UTC+0)
gerritbot
added a comment.
Mar 31 2025, 1:00 PM
2025-03-31 13:00:25 (UTC+0)
Change #1132632 had a related patch set uploaded (by Majavah; author: Majavah):
[mediawiki/extensions/OATHAuth@master] Auth: Add authentication request indicating used module
Xaosflux
subscribed.
Mar 31 2025, 2:25 PM
2025-03-31 14:25:26 (UTC+0)
gerritbot
added a comment.
Mar 31 2025, 2:55 PM
2025-03-31 14:55:05 (UTC+0)
Change #1114128
merged
by jenkins-bot:
[mediawiki/extensions/WebAuthn@master] Implement function to get module from key
ReleaseTaggerBot
added a project:
MW-1.44-notes (1.44.0-wmf.23; 2025-04-01)
Mar 31 2025, 3:00 PM
2025-03-31 15:00:49 (UTC+0)
taavi
added a project:
Wikimedia-Hackathon-2024
Mar 31 2025, 3:06 PM
2025-03-31 15:06:42 (UTC+0)
gerritbot
added a comment.
Apr 1 2025, 12:09 PM
2025-04-01 12:09:30 (UTC+0)
Change #1133116 had a related patch set uploaded (by Majavah; author: Majavah):
[mediawiki/extensions/WebAuthn@master] Stop trying to disable other modules before enabling WebAuthn
gerritbot
added a comment.
Apr 1 2025, 12:11 PM
2025-04-01 12:11:58 (UTC+0)
Change #1133117 had a related patch set uploaded (by Majavah; author: Majavah):
[mediawiki/extensions/OATHAuth@master] OATHManage: Drop use of OATHUser::getModule()
gerritbot
added a comment.
Apr 1 2025, 12:12 PM
2025-04-01 12:12:00 (UTC+0)
Change #1133118 had a related patch set uploaded (by Majavah; author: Majavah):
[mediawiki/extensions/OATHAuth@master] Drop OATHUserRepository::persist()
taavi
edited projects, added
MediaWiki-Platform-Team
; removed
MediaWiki-Platform-Team (Radar)
Apr 1 2025, 12:14 PM
2025-04-01 12:14:58 (UTC+0)
Moving back to your inbox since this could use some code reviews again :-)
After these patches the only remaining thing is implementing an interface that lets users choose a method to login with.
taavi
merged a task:
T384300: Allow TOTP to be enabled at the same time as WebAuthn
Apr 1 2025, 12:20 PM
2025-04-01 12:20:50 (UTC+0)
taavi
added a subscriber:
HiccupJul
gerritbot
added a comment.
Apr 6 2025, 9:04 PM
2025-04-06 21:04:47 (UTC+0)
Change #1133116
merged
by jenkins-bot:
[mediawiki/extensions/WebAuthn@master] Stop trying to disable other modules before enabling WebAuthn
gerritbot
added a comment.
Apr 6 2025, 9:06 PM
2025-04-06 21:06:10 (UTC+0)
Change #1114129
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Backlink keys back to a module
gerritbot
added a comment.
Apr 6 2025, 9:08 PM
2025-04-06 21:08:14 (UTC+0)
Change #1114130
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Update preferences button to support multiple key types
gerritbot
added a comment.
Apr 6 2025, 9:08 PM
2025-04-06 21:08:17 (UTC+0)
Change #1114133
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Mark OATHUser::getModule() as deprecated
gerritbot
added a comment.
Apr 6 2025, 9:08 PM
2025-04-06 21:08:19 (UTC+0)
Change #1133117
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] OATHManage: Drop use of OATHUser::getModule()
gerritbot
added a comment.
Apr 6 2025, 9:08 PM
2025-04-06 21:08:47 (UTC+0)
Change #1133118
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Drop OATHUserRepository::persist()
gerritbot
added a comment.
Apr 6 2025, 9:40 PM
2025-04-06 21:40:44 (UTC+0)
Change #1134383 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/OATHAuth@master] [WIP] Fix multi-key handling
ReleaseTaggerBot
edited projects, added
MW-1.44-notes (1.44.0-wmf.24; 2025-04-08)
; removed
MW-1.44-notes (1.44.0-wmf.23; 2025-04-01)
Apr 6 2025, 10:00 PM
2025-04-06 22:00:41 (UTC+0)
gerritbot
added a comment.
Apr 6 2025, 10:02 PM
2025-04-06 22:02:54 (UTC+0)
Change #1134384 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/WebAuthn@master] Fix multi-key handling
larissagaulia
moved this task from
Inbox, needs triage
to
Radar
on the
MediaWiki-Platform-Team
board.
Apr 7 2025, 2:47 PM
2025-04-07 14:47:18 (UTC+0)
larissagaulia
edited projects, added
MediaWiki-Platform-Team (Radar)
; removed
MediaWiki-Platform-Team
gerritbot
added a comment.
Apr 13 2025, 10:45 PM
2025-04-13 22:45:47 (UTC+0)
Change #1136134 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/OATHAuth@master] Do not show warning about "switching" authentication methods
Daimona
subscribed.
Apr 14 2025, 11:54 PM
2025-04-14 23:54:26 (UTC+0)
gerritbot
added a comment.
Apr 24 2025, 7:54 PM
2025-04-24 19:54:05 (UTC+0)
Change #1136134
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Do not show warning about "switching" authentication methods
ReleaseTaggerBot
edited projects, added
MW-1.44-notes (1.44.0-wmf.27; 2025-04-29)
; removed
MW-1.44-notes (1.44.0-wmf.24; 2025-04-08)
Apr 24 2025, 8:00 PM
2025-04-24 20:00:17 (UTC+0)
Tgr
mentioned this in
T393250: Support WebAuthn second factor login on Wikimedia iOS app
May 3 2025, 10:53 AM
2025-05-03 10:53:02 (UTC+0)
Tgr
mentioned this in
T393251: Support WebAuthn second factor login on Wikimedia Android app
Tgr
added subtasks:
T393251: Support WebAuthn second factor login on Wikimedia Android app
T393250: Support WebAuthn second factor login on Wikimedia iOS app
taavi
added a project:
Wikimedia-Hackathon-2025
May 3 2025, 11:51 AM
2025-05-03 11:51:08 (UTC+0)
taavi
moved this task from
Backlog
to
Hacking projects
on the
Wikimedia-Hackathon-2025
board.
Tgr
mentioned this in
T393329: Support WebAuthn second factor login on Wikimedia Commons app
May 4 2025, 11:59 AM
2025-05-04 11:59:44 (UTC+0)
Tgr
added a subtask:
T393329: Support WebAuthn second factor login on Wikimedia Commons app
taavi
removed a subtask:
T368468: Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp)
May 6 2025, 5:21 PM
2025-05-06 17:21:50 (UTC+0)
taavi
added a parent task:
T368468: Cannot switch 2FA method between TOTP and WebAuthn: InvalidArgumentException: User already has a key from a different module enabled (totp)
Tgr
mentioned this in
T395507: Support multiple TOTP tokens
May 28 2025, 6:18 PM
2025-05-28 18:18:16 (UTC+0)
Wellverywell
subscribed.
Jul 17 2025, 4:41 PM
2025-07-17 16:41:30 (UTC+0)
sbassett
mentioned this in
T399959: Assess and review existing tasks and patches related to supporting WE 4.6.2 2fa Multiple Authenticators work
Jul 18 2025, 2:19 PM
2025-07-18 14:19:32 (UTC+0)
sbassett
merged a task:
T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling
Jul 22 2025, 5:22 PM
2025-07-22 17:22:15 (UTC+0)
sbassett
added subscribers:
deryckchan
Logicer
jeremyb
and
8 others
Catrope
added a project:
FY2025-26 WE4.6.2 Multiple Authenticators
Jul 27 2025, 6:09 PM
2025-07-27 18:09:00 (UTC+0)
gerritbot
added a comment.
Jul 29 2025, 3:52 PM
2025-07-29 15:52:21 (UTC+0)
Change #1132632
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Auth: Add authentication request indicating used module
ReleaseTaggerBot
added a project:
MW-1.45-notes (1.45.0-wmf.13; 2025-08-05)
Jul 29 2025, 4:00 PM
2025-07-29 16:00:30 (UTC+0)
gerritbot
added a comment.
Jul 29 2025, 4:02 PM
2025-07-29 16:02:08 (UTC+0)
Change #1134383
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Fix multi-key handling
gerritbot
added a comment.
Jul 29 2025, 4:37 PM
2025-07-29 16:37:19 (UTC+0)
Change #1134384
merged
by jenkins-bot:
[mediawiki/extensions/WebAuthn@master] Fix multi-key handling
gerritbot
added a comment.
Jul 29 2025, 11:59 PM
2025-07-29 23:59:43 (UTC+0)
Change #1174095 had a related patch set uploaded (by Reedy; author: Majavah):
[mediawiki/extensions/OATHAuth@REL1_44] Auth: Add authentication request indicating used module
gerritbot
added a comment.
Jul 30 2025, 12:00 AM
2025-07-30 00:00:11 (UTC+0)
Change #1174096 had a related patch set uploaded (by Reedy; author: Gergő Tisza):
[mediawiki/extensions/OATHAuth@REL1_44] Fix multi-key handling
gerritbot
added a comment.
Jul 30 2025, 12:36 AM
2025-07-30 00:36:05 (UTC+0)
Change #1174095
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_44] Auth: Add authentication request indicating used module
gerritbot
added a comment.
Jul 30 2025, 12:36 AM
2025-07-30 00:36:07 (UTC+0)
Change #1174096
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_44] Fix multi-key handling
gerritbot
added a comment.
Jul 31 2025, 1:20 PM
2025-07-31 13:20:04 (UTC+0)
Change #1172901 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):
[mediawiki/extensions/OATHAuth@master] Allow using multiple modules
Tgr
added subscribers:
Mstyles
Catrope
Jul 31 2025, 1:22 PM
2025-07-31 13:22:56 (UTC+0)
@Mstyles @Catrope do we have some sort of checklist of what's needed before enabling?
Tgr
added a comment.
Jul 31 2025, 1:49 PM
2025-07-31 13:49:15 (UTC+0)
Alternatively, we could say this task is done, since they are now possible (just intentionally disabled for now).
Tgr
added a parent task:
T230042: Allow multiple TOTP devices
Jul 31 2025, 1:50 PM
2025-07-31 13:50:30 (UTC+0)
Tgr
mentioned this in
T399647: Redesign 2FA login UX for multiple authenticator support
Jul 31 2025, 5:31 PM
2025-07-31 17:31:37 (UTC+0)
Tgr
updated Other Assignee, added:
Tgr
; removed:
pmiazga
Jul 31 2025, 5:36 PM
2025-07-31 17:36:46 (UTC+0)
Tgr
mentioned this in
T399645: Allow multiple TOTP and security keys on Special:OATH
Jul 31 2025, 7:33 PM
2025-07-31 19:33:11 (UTC+0)
Tgr
mentioned this in
T399664: Expand 2FA Opt-In Privileges
Aug 1 2025, 9:25 AM
2025-08-01 09:25:09 (UTC+0)
Tgr
merged a task:
T399645: Allow multiple TOTP and security keys on Special:OATH
Aug 1 2025, 3:17 PM
2025-08-01 15:17:47 (UTC+0)
Tgr
removed subtasks:
T393329: Support WebAuthn second factor login on Wikimedia Commons app
T393250: Support WebAuthn second factor login on Wikimedia iOS app
T393251: Support WebAuthn second factor login on Wikimedia Android app
Tgr
added subscribers:
sbassett
TAdeleye_WMF
Mstyles
moved this task from
Backlog
to
In Progress
on the
FY2025-26 WE4.6.2 Multiple Authenticators
board.
Aug 14 2025, 9:06 PM
2025-08-14 21:06:41 (UTC+0)
Mstyles
closed this task as
Resolved
Aug 20 2025, 6:56 PM
2025-08-20 18:56:41 (UTC+0)
Mstyles
moved this task from
In Progress
to
Done
on the
FY2025-26 WE4.6.2 Multiple Authenticators
board.
In T242031#11050232 @Tgr wrote:
> Alternatively, we could say this task is done, since they are now possible (just intentionally disabled for now).

Yes we'll mark this as done, and as a part of this quarter's rollout, there will be a plan to enable multiple authenticators
Mstyles
removed a subtask:
T353962: Add new notifications for additional 2FA being enabled/disabled
Aug 20 2025, 6:58 PM
2025-08-20 18:58:30 (UTC+0)
Mstyles
removed a subtask:
T401771: Merge password and 2FA management into a single Special:AccountSecurity page when OATHAuth is installed
Mstyles
removed a subtask:
T401772: Allow TOTP auth methods to be named
Mstyles
removed a subtask:
T401773: Always redirect 2FA management special page to auth domain on SUL wikis, so that WebAuthn setup can be offered
Mstyles
removed a subtask:
T401774: Redesign UI for listing 2FA methods and adding new methods
Mstyles
removed a subtask:
T401775: Allow 2FA methods to be renamed
Aug 20 2025, 7:00 PM
2025-08-20 19:00:32 (UTC+0)
Mstyles
removed a subtask:
T401776: Display recovery codes when setting up the user's first 2FA method, regardless of type
Mstyles
removed a subtask:
T401777: During login, allow multiple 2FA methods to be used, but prioritize WebAuthn if available
Octfx
unsubscribed.
Aug 20 2025, 7:03 PM
2025-08-20 19:03:08 (UTC+0)
Catrope
mentioned this in
T402467: Allow users to enable multiple authenticator types
Aug 20 2025, 11:02 PM
2025-08-20 23:02:46 (UTC+0)
rokejulianlockhart
awarded a token.
Sep 16 2025, 3:04 PM
2025-09-16 15:04:00 (UTC+0)
rokejulianlockhart
subscribed.
gerritbot
added a comment.
Sep 16 2025, 10:10 PM
2025-09-16 22:10:43 (UTC+0)
Change #1172901
abandoned
by Reedy:
[mediawiki/extensions/OATHAuth@master] Allow using multiple modules
gerritbot
added a comment.
Sep 23 2025, 9:13 AM
2025-09-23 09:13:16 (UTC+0)
Change #1190593 had a related patch set uploaded (by Reedy; author: Gergő Tisza):
[mediawiki/extensions/WebAuthn@REL1_44] Fix multi-key handling
gerritbot
added a comment.
Sep 23 2025, 9:22 AM
2025-09-23 09:22:32 (UTC+0)
Change #1190606 had a related patch set uploaded (by Reedy; author: Gergő Tisza):
[mediawiki/extensions/WebAuthn@REL1_43] Fix multi-key handling
gerritbot
added a comment.
Sep 23 2025, 9:36 AM
2025-09-23 09:36:37 (UTC+0)
Change #1190593
merged
by Reedy:
[mediawiki/extensions/WebAuthn@REL1_44] Fix multi-key handling
gerritbot
added a comment.
Sep 23 2025, 10:55 AM
2025-09-23 10:55:13 (UTC+0)
Change #1190630 had a related patch set uploaded (by Reedy; author: Majavah):
[mediawiki/extensions/OATHAuth@REL1_43] Backlink keys back to a module
gerritbot
added a comment.
Sep 23 2025, 11:25 AM
2025-09-23 11:25:37 (UTC+0)
Change #1190630
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_43] Backlink keys back to a module
gerritbot
added a comment.
Sep 23 2025, 6:40 PM
2025-09-23 18:40:37 (UTC+0)
Change #1190741 had a related patch set uploaded (by Reedy; author: Majavah):
[mediawiki/extensions/OATHAuth@REL1_43] OATHManage: Drop use of OATHUser::getModule()
gerritbot
added a comment.
Sep 23 2025, 6:48 PM
2025-09-23 18:48:34 (UTC+0)
Change #1190745 had a related patch set uploaded (by Reedy; author: Majavah):
[mediawiki/extensions/OATHAuth@REL1_43] Mark OATHUser::getModule() as deprecated
gerritbot
added a comment.
Sep 23 2025, 6:48 PM
2025-09-23 18:48:36 (UTC+0)
Change #1190746 had a related patch set uploaded (by Reedy; author: Gergő Tisza):
[mediawiki/extensions/OATHAuth@REL1_43] Fix multi-key handling
gerritbot
added a comment.
Sep 23 2025, 7:13 PM
2025-09-23 19:13:46 (UTC+0)
Change #1190741
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_43] OATHManage: Drop use of OATHUser::getModule()
gerritbot
added a comment.
Sep 23 2025, 7:33 PM
2025-09-23 19:33:32 (UTC+0)
Change #1190745
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_43] Mark OATHUser::getModule() as deprecated
gerritbot
added a comment.
Sep 23 2025, 7:34 PM
2025-09-23 19:34:14 (UTC+0)
Change #1190746
merged
by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_43] Fix multi-key handling
gerritbot
added a comment.
Sep 23 2025, 7:51 PM
2025-09-23 19:51:52 (UTC+0)
Change #1190762 had a related patch set uploaded (by Reedy; author: Majavah):
[mediawiki/extensions/WebAuthn@REL1_43] Implement function to get module from key
gerritbot
added a comment.
Sep 23 2025, 8:14 PM
2025-09-23 20:14:28 (UTC+0)
Change #1190762
merged
by Reedy:
[mediawiki/extensions/WebAuthn@REL1_43] Implement function to get module from key
gerritbot
added a comment.
Sep 23 2025, 8:14 PM
2025-09-23 20:14:37 (UTC+0)
Change #1190606
merged
by Reedy:
[mediawiki/extensions/WebAuthn@REL1_43] Fix multi-key handling
Stang
unsubscribed.
Oct 14 2025, 1:24 PM
2025-10-14 13:24:58 (UTC+0)
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct.