OTP: Missing two factor header / Status Code 401

lowp4ss · Mars 19, 2025, 7:27

Hello guys

Installed latest PeerTube via Docker today, and so far it is great. Unfortunately, after enabling OTP in the User Interface, log out and trying to log in again, I am presented status code 401 instead of a field to enter the OTP.

Anything I miss?

production.yaml:

listen:
  hostname: '0.0.0.0'
  port: 9000

# Correspond to your reverse proxy server_name/listen configuration
webserver:
  https: true
  hostname: tube.redacted.com
  port: 443

# Proxies to trust to get real client IP
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
# If you run PeerTube behind a remote proxy, add the proxy IP address (or subnet)
trust_proxy:
  - 'loopback'
  
tracker:
  enabled: false
  
federation:
  # Enable ActivityPub endpoints (inbox/outbox)
  enabled: false
  
signup:
  enabled: false
  # When the total number of users in your instance reaches this limit, registrations are disabled.
  # -1 == unlimited
  limit: 10
  minimum_age: 16 # Used to configure the signup form
  # Users fill a form to register so moderators can accept/reject the registration
  requires_approval: true
  requires_email_verification: true
  
secrets:
  peertube: 'redacted'

Chocobozzz · Mars 20, 2025, 5:50

Hi,

Can you paste the URL of your instance?

lowp4ss · Mars 20, 2025, 7:41

Thanks for your reply. Well, I’d prefer not to publish the URL, as the instance is for personal / friends / family use only (central management of educational videos). Therefore, access is also heavily restricted by the firewall / WAF.

Any ideas maybe with regards to configuration? I assume OTP completely runs on premise and does not need a separate container etc?

lowp4ss · Mars 20, 2025, 1:37

Seems like related to missing otp header (or content)?

[peertube.sample.com:443] 2025-03-20 13:01:44.773 debug: Missing two factor error {

  "err": {

    "stack": "missing_two_factor: Missing two factor header\n    at handlePasswordGrant (file:///app/dist/core/lib/auth/oauth.js:124:19)\n    at async handleToken (file:///app/dist/core/controllers/api/users/token.js:32:23)",

    "message": "Missing two factor header",

    "code": 401,

    "name": "missing_two_factor"

  }

}

In the documentation it says OTP value must be passed in the header x-peertube-otp. I assume this is done automatically? But, I am missing even the field to enter OTP.

lowp4ss · Mars 20, 2025, 6:14

Nvm, no problem with other reverse proxy. You can close this topic pls, as it is not an issue originating from peertube. Thx.