Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

ctrlaltdelme's avatar

Fortify + Inertia - Need to redirect after confirming password

I'm trying to set up 2FA for users and can successfully enable and disable, but when I go to generate the recovery codes, it wants to confirm the users password. This is fine because the Vue starter kit has that view already so I configured Fortify to use it. I configured my button handler on a 423 (thrown by Axios) to go to the password confirm page. But after the user confirms their password, they're redirected back to the dashboard, per the config. So that's technically working as designed, but how would I redirect back to the settings page so I can show those backup codes?

0 likes
3 replies
vincent15000's avatar

@ctrlaltdelme I don't use any starter kit, but you can do something like this.

According to me, you have to handle this frontend side.

If you configure your button handler on a 423 response to redirect to the password confirm page, you can do something simple :

  • ask to enable 2FA (click on the button)

  • 423 response => then go to the password confirmation page

  • if the password is ok, retrieve the 2FA codes

You could also create a VueJS component with a confirm password modal that is triggered every time it's needed to confirm the password, with a Promise to resolve it according to the right password confirmation.

You could have a code similar to this one.

const destroy = async (item) => {
    const confirmed = await modal.value.dialog();

    if (confirmed) {
        const res = await categoriesService.delete(item);

        if (res.status === 204) {
            const index = categories.value.data.findIndex(category => category.id === item.id);

            if (index >= 0) {
                categories.value.data.splice(index, 1);
            }
        }
    }
}

And the modal.value.dialog() could handle the password confirmation request.

ctrlaltdelme's avatar

Interestingly, if I use axios.get() on the two-factor.recovery-codes route, I get the 423. If I use the native Javascript fetch API, I just get a 200. Very odd.

Now I'm wondering what best practice is for security. When do you prompt for a password confirmation as it relates to 2FA?

1 like
vincent15000's avatar

Let me try 2FA today with Intertia and I come back to tell you something.

Please or to participate in this conversation.