'Laravel Fortify not triggering 2FA challenge?

I've used Laravel Fortify to write some authentication for my app and I've setup the enable part of the 2FA, and that all works fine, but the problem I'm having is that it doesn't seem to trigger the challenge when a user logs in?

I've setup the custom view like so;

        Fortify::twoFactorChallengeView(function () {
            return view('auth.two-factor-challenge');
        });

and Fortify claims it should "...automatically redirect the user to your application's two factor authentication challenge screen." (https://laravel.com/docs/9.x/fortify#authenticating-with-two-factor-authentication), but this is not the case for me, it doesn't redirect at all.

Can't seem to find any sort of Middleware in the source-code to manually achieve this, so was wondering if someone might have an idea of what's going on?

I've manually checked my DB and all the two factor columns such as two_factor_secret are set correctly after enabling, so I'm a bit confused.

In my fortify config, I've got the below set since I don't want to confirm password and instead confirm the current OTP code for any changes that need to be made since that is what makes the most sense for my app I think. Not sure if disabling confirmPassword would cause this though?

Features::twoFactorAuthentication([
            'confirm' => true,
            'confirmPassword' => false,
        ]),


Solution 1:[1]

Just encountered this issue today and been searching for a solution in the Internet all day. Then I came across this article (https://epndavis.com/blog/laravel-fortify-two-factor-authentication/) which shows that the confirm attribute is not included in one of its snippets. Fortunate enough, after trying it on my end, logging in FINALLY triggers the 2FA challenge.

Therefore, your code should now look like this:

Features::twoFactorAuthentication([
     'confirmPassword' => false,
]),

In case you already solved this, I hope this answer would help others resolve this issue and move on to the other parts of their development.

PS. As a replacement for confirm, I'd recommend visiting this article: https://dev.to/nicolus/laravel-fortify-implement-2fa-in-a-way-that-won-t-let-users-lock-themselves-out-2ejk

Working example: https://github.com/xyberpastoril/PCBMS/pull/6

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1