[discuss.kde.org] [Bug 519065] New: Expose OAuth2 SSO options when 2FA is active

Roke Julian Lockhart Beedell bugzilla_noreply at kde.org
Fri Apr 17 15:34:10 BST 2026 

https://bugs.kde.org/show_bug.cgi?id=519065

            Bug ID: 519065
           Summary: Expose OAuth2 SSO options when 2FA is active
    Classification: Websites
           Product: discuss.kde.org
      Version First unspecified
       Reported In:
          Platform: Fedora RPMs
               URL: https://discuss.kde.org/t/shall-kde-bugzilla-and-or-di
                    scourse-ever-be-connected-to-identity-or-gitlab-sso/46
                    273/4?u=rokejulianlockhart
                OS: Linux
            Status: REPORTED
          Severity: wishlist
          Priority: NOR
         Component: General
          Assignee: forum-admin at kde.org
          Reporter: 4wy78uwh at rokejulianlockhart.addy.io
                CC: kde-www at kde.org
  Target Milestone: ---

Created attachment 191582
  --> https://bugs.kde.org/attachment.cgi?id=191582&action=edit
A Duplicate Of The Cited Information

# SUMMARY

For my KDE Discourse account, I've CTAP1 and TOTP 2FA enabled. This is solely
for username-plus-password entry. I've also CTAP2 enabled for 1FA. Identical
measures are also active for all possible SSO alternatives. Consequently,
Discourse's (unfortunate) default, of disabling all SSO methods when 2FA is
active, should be disabled, on this instance.

# STEPS TO REPRODUCE

1. Visit https://discuss.kde.org/u/rokejulianlockhart/preferences/account.

2. Connect KDE Identity.

3. Enable 2FA, at
https://discuss.kde.org/u/rokejulianlockhart/preferences/second-factor.

4. Visit https://discuss.kde.org/u/rokejulianlockhart/preferences/account.

# OBSERVED RESULT

At https://discuss.kde.org/u/rokejulianlockhart/preferences/account, I am
unable to connect any alternative SSO methods, because they are hidden.
Additionally, any previously-connected methods were disconnected when 2FA was
enabled.

# EXPECTED RESULT

I should have been able to connect alternative SSO methods. To enable this,
disable "Enforce second factor on external auth".

This also provides the benefit of remediating
https://meta.discourse.org/t/passkey-option-missing-on-enforce-second-factor-on-external-auth-error-screen/397772?u=rokejulianlockhart,
which, although *currently* inapplicable to KDE Discourse, would become
applicable if the alternative, of whitelisting certain SSO providers, was
chosen, instead.

# ADDITIONAL INFORMATION

This request was originally discussed at
https://discuss.kde.org/t/shall-kde-bugzilla-and-or-discourse-ever-be-connected-to-identity-or-gitlab-sso/46273/4?u=rokejulianlockhart,
wherein I first realised what the problem and solution are.

I'd have provided more detailed reproduction steps to remediate this on the
administrative panel, and a better screenshot of the option. However,
https://meta.discourse.org/t/sample-forum-to-see-admin-features/392680/5?u=rokejulianlockhart
isn't necessarily trivial.

My apologies for the attachment requiring extraction. Blame what
https://github.com/gildas-lormeau/SingleFile/discussions/1933#discussion-9901776
describes. Regardless, I thought it better than a screenshot, for the sake of
accessibility and longevity.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

More information about the kde-www mailing list