Could not find the TOTP key in the internal context

[perjo927]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• This issue affects my Ory Cloud project.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Describe the bug

In a browser client using Ory Kratos: After activating 2FA with TOTP by scanning the QR code retrieved from after initializing the settings flow and successfully inputting the verify code generated by the paired Authenticator app, then disabling and then going through activation a second time, during the same privileged session, the following error is thrown:

{
    "error": {
        "code": 500,
        "status": "Internal Server Error",
        "reason": "Could not find they TOTP key in the internal context. This is a code bug and should be reported to https://github.com/ory/kratos/.",
        "message": "An internal server error occurred, please contact the system administrator"
    }
}

Reproducing the bug

1. Enable 2FA with TOTP in your Kratos configuration
2. Activate 2FA by scanning QR code retrieved from initializing settings flow + entering verify code generated with the Authenticator app.
3. Disable/unlink 2FA/TOTP
4. Activate 2FA again by scanning QR code and enter verify code

I was able to reproduce both in my own browser client as well as in https://kratos-reference-ui-react-nextjs.vercel.app/

Relevant log output

{
    "error": {
        "code": 500,
        "status": "Internal Server Error",
        "reason": "Could not find they TOTP key in the internal context. This is a code bug and should be reported to https://github.com/ory/kratos/.",
        "message": "An internal server error occurred, please contact the system administrator"
    }
}

Relevant configuration

Was successfully reproduced in the example SPA/node app: https://kratos-reference-ui-react-nextjs.vercel.app/

Version

v0.9.0-alpha.3

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

No response

Additional Context

https://github.com/ory/kratos-selfservice-ui-react-nextjs

[perjo927]

If I log out and log in again, it starts working again, meaning I can activate TOTP verification again.

[aeneasr]

Thank you for the report, can you try doing the same flow you described, but loading a fresh settings flow - so calling the settings ui and removing the ?flow=... parameter? That should re-initialize the flow and reset the context.

This is still a bug though of course, I just want to see if that's the problem.

[perjo927]

Yes, I was just about to try actually, will get back to you! :)

[perjo927]

Hi @aeneasr . Your suggestion solves the issue.

Actually, I experienced a "related" problem, which was solved using the same method. If you'd like to, I can report this separately as well.

1. Login.
2. Go to settings.
3. Update profile settings; for instance password or name.
4. Scan QR code + link authenticator app, input verify/TOTP code.
5. All attempts to input verify code results in a response with "invalid code".
6. If I restart the flow, or login/logout, it becomes possible to pair and setup TOTP again.

[aeneasr]

Thank you! I think they have the same underlying problem so it's ok to keep track of it here :)

[perjo927]

Great, thanks for responding so swiftly! :)