Reset flow if action is still CHALLENGE_REQUIRED upon validation (#23)

stevenclouston · web-flow · commit 7481e449dde0 · 2025-11-10T10:41:06.000+13:00
* Reset flow if action is still CHALLENGE_REQUIRED upon validation

* Bump version
diff --git a/app/build.gradle b/app/build.gradle
@@ -10,7 +10,7 @@ plugins {
 }
 
 group 'com.authsignal'
-version '2.2.0'
+version '2.2.1'
 
 repositories {
     mavenCentral()
diff --git a/app/src/main/java/com/authsignal/keycloak/AuthsignalAuthenticator.java b/app/src/main/java/com/authsignal/keycloak/AuthsignalAuthenticator.java
@@ -149,6 +149,10 @@ private void handleTokenValidation(AuthenticationFlowContext context, Authsignal
             }
             context.setUser(user);
             context.success();
+        } else if (response.state == UserActionState.CHALLENGE_REQUIRED) {
+            // User quit the MFA flow without completing the challenge
+            // This means they clicked "Quit" on the AuthSignal page
+            context.resetFlow();
         } else {
             context.failure(AuthenticationFlowError.ACCESS_DENIED);
         }

Original file line number	Diff line number	Diff line change
`@@ -149,6 +149,10 @@ private void handleTokenValidation(AuthenticationFlowContext context, Authsignal`
`149`	`149`	`}`
`150`	`150`	`context.setUser(user);`
`151`	`151`	`context.success();`
	`152`	`+ } else if (response.state == UserActionState.CHALLENGE_REQUIRED) {`
	`153`	`+ // User quit the MFA flow without completing the challenge`
	`154`	`+ // This means they clicked "Quit" on the AuthSignal page`
	`155`	`+ context.resetFlow();`
`152`	`156`	`} else {`
`153`	`157`	`context.failure(AuthenticationFlowError.ACCESS_DENIED);`
`154`	`158`	`}`