Support

Admin Tools

#41998 Social Login 2FA not triggering email (for gmail user)

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4.4.12
PHP version
8.2
Admin Tools version
n/a

Latest post by on Saturday, 12 July 2025 15:17 CDT

Adm1nT00ler

Sorry for submitting a SocialLogin issue here bcos I don't see the SocialLoogin option in the category dropdoown above. 

Anyway, the plugin works fine loging in the user but does not if the user has @FA enabled (or in a 2FA usergroup). It does not send the MULTIFACTOR AUTHENTICATION EMAI for gmail users as it does for username/password users. Could you pls advise how too fix this issue. I am suspecting that the sociallogin plugin does not properly register the authenticated gmail address into the user' profile oor the trigger for the 2FA does not kick-in

 

System Task
system
The ticket information has been edited by Austin (Adm1nT00ler).

System Task
system
The ticket information has been edited by Austin (Adm1nT00ler).

nicholas
Akeeba Staff
Manager

All SocialLogin does when you are logging in with Google is to access Google's OAuth2 URL and say "this is my application ID, ask the user if they want to log in".

If the user successfully logs in, Google says "here's a code; you can redeem it with a temporary access token".

SocialLogin takes that code and, now through the server, sends a request to a different Google OAuth2 endpoint which exchanges the code with a temporary access token.

Then, it uses this access token to access a third endpoint, again through the server, which gives us the user's name and email address.

At this point we check if there is a user with this email address in Joomla:

  • No user exists, user creation not allowed: an error is printed.
  • No user exists, user creation is allowed: a user is created, marked as a SocialLogin-enabled user for login with Google, and is logged in.
  • The user exists, they are not marked as a SocialLogin-enabled user for login with Google, and login of non previously verified users is disabled: an error is printed.
  • The user exists, they are not marked as a SocialLogin-enabled user for login with Google, but login of non previously verified users is enabled: the user is marked as a SocialLogin-enabled user for login with Google, and is logged in
  • The user exists, they are marked as a SocialLogin-enabled user for login with Google: the user is logged in

All we save is an ID Google gives us.

As you can see, WE HAVE ABSOLUTELY NO CONTROL WHATSOEVER ON HOW GOOGLE AUTHENTICATES THE USER. This is between Google and the user.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

System Task
system

This ticket has been automatically closed.

All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!