Skip to main content

Retrieve a user's QR code for 2FA

Prerequisites

  1. The user needs to be added as a support user (via the api/user/add_support endpoint)
  2. Ideally, the users' agency needs to be set as test.

Part 1: Finding a User's TOTP secret

  1. Setup kubectl and authenticate with GCloud (@todo add link to docs)
  2. Port forward Cassandra `kubectl port-forward -n cassandra cassandra-cassandra-0 9042:9042
  3. Open DataGrip. Can use the free trial for 30 minutes.
  4. Connect to Phoenix
    • Open data sources by going to File > Data sources
    • Configure Phoenix Cassandra DB Cassandra DB
  5. Connect and open user > tables > messages
  6. Run the following query and replace %USER_ID% with the user's ID. You can find the user ID on Intercom. persistence_id='UserEntity|%USER_ID%' and ser_manifest='com.phoenix.user.impl.UserCreated'

Persistance Query 7. Find "totpSecret":"*****" in the event column

Part 2: Generating a QR Code

  1. Open https://stefansundin.github.io/2fa-qr/
  2. Paste the secret retrieve from part 1 into the secret field
  3. Type the label into the label field. EG: reOS
  4. Check advanced options and change the valid period to 60 seconds
  5. Take a screenshot of the QR code and send it to sales or whoever may need to forward it. Ideally send it directly to the customer so no one else can authenticate as them.