Conversation on Slack in #contrib-tfa: https://drupal.slack.com/archives/C7SR7TWMS/p1728082318265809
I have TFA working with Google Auth on my D10 dev site, however when I scan the QR code and enter the verification code, it is successful:
Status message
Application code verified. One setup step remaining.
TFA setup complete.
The page is reloaded and focus is placed back in the verification code box, but won't accept the current TOTP code.
Clicking "Skip and Finish" takes me back to /user/{id}/security/tfa and shows that TFA is setup and working. I can then log out and back in, using TFA and it all works. So yes it works, but that UI won't work on prod. Every user would be super confused.
Disabling TFA and going through the process again, it turns out it wants me to scan the QR, enter the auth code, then scan the QR again and enter a second auth code, leaving me with two identically named Google Authenticator entries with unique codes.
That process gives me the expected:
Status message
TFA setup complete.
Summary: TFA is making me scan the QR code twice, add two Auth code accounts, to consider setup complete.
Active
1.8
User interface