Page MenuHomePhabricator

Unable to log in to Android app with two-factor authentication (2FA)
Open, HighPublicBUG REPORT

Description

I'm unable to log in to the Wikipedia Android app with two-factor authentication (2FA). This bug was initially reported by Michael Greiner on the English Wikipedia at Help talk:Two-factor authentication#2FA entry in Android app. I can reproduce the bug on the latest version of the Android app (r/2.7.50282-r-2019-05-24) on my device (running Android 9) with my account.

Steps to Reproduce:

  1. From the login screen, enter your username and password.
  2. Tap "Log in".
  3. A toast notification appears, saying "Please enter a verification code from your authentication device". However, there is no input field to enter the verification code in.

Actual Results:

At this point, I've attempted to log in by entering the verification code after my password (e.g. password123456) or just the verification code itself (e.g. 123456), but both methods fail to log in with the message "Incorrect username or password entered. Please try again."

Expected Results:

At this point, the app should show a view that contains an input field for the verification code. I should be able to type in the code, submit it, and be logged in to the app.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Newslinger updated the task description. (Show Details)Jul 12 2019, 10:46 PM
Newslinger updated the task description. (Show Details)
Hmxhmx added a subscriber: Hmxhmx.Jul 14 2019, 2:15 PM
Charlotte triaged this task as Normal priority.Jul 16 2019, 4:29 PM
Charlotte moved this task from Needs Triage to Bug Backlog on the Wikipedia-Android-App-Backlog board.
Patriccck added a subscriber: Charlotte.EditedAug 1 2019, 8:03 PM

@Charlotte merged two tasks. 1st task had high priority, but this 2nd task has got lower priority. High priority is probably preferable (this is what I think).

XenonX3 added a subscriber: XenonX3.Aug 2 2019, 2:27 PM

I'm having this problem since of today. I was involuntarily logged out of the app and can't log back in because of the impossibility of entering the 2FA code.

Thanks @Patriccck and @XenonX3 and @Newslinger. We're waiting for a response from some of the folks that handle OAuth, here: https://phabricator.wikimedia.org/T228588#5388536

Meanwhile, you can briefly disable 2FA on your account using the web interface, log into the app, and then re-enable 2FA. You will still be logged in on the app and should be able to carry on as normal. We're sorry for the inconvenience!

Based on the response at T228588#5389351 it looks like there was a breaking change we weren't made aware of, that has changed the output for this extension, which may be the root cause of the issues reported above. @Dbrant @Sharvaniharan or @cooltey, let's pick this up Monday.

Thank you @Charlotte! Now, I am logged in the app.

Apap04 added a subscriber: Apap04.Aug 6 2019, 9:22 AM