Then, a text message containing an authorization code is sent to the user's phone using auth.sendCode.
However, this is not always the case, if future auth tokens are used:
When invoking auth.logOut on a previously authorized session, the server may return a future_auth_token, which should be stored in the local database.
+
When invoking auth.logOut on a previously authorized session with 2FA enabled, the server may return a future_auth_token, which should be stored in the local database.
A future_auth_token is also contained in the auth.authorization returned when logging in.
At all times, the future auth token database should contain at most 20 tokens: evict older tokens as new tokens are added to stay below this limit.
When invoking auth.sendCode, all future auth tokens present in the database should be provided to codeSettings.logout_tokens.
-If any of the future auth tokens matches the account we're trying to login into and the token hasn't expired:
SESSION_PASSWORD_NEEDED RPC error, asking the user to enter the 2FA password, without sending any authorization code. SESSION_PASSWORD_NEEDED RPC error, directly asking the user to enter the 2FA password, without sending any authorization code.
Otherwise, the system will send an authorization code using the following logic:
codeSettings#ad253d78 flags:# allow_flashcall:flags.0?true current_number:flags.1?true allow_app_hash:flags.4?true allow_missed_call:flags.5?true allow_firebase:flags.7?true logout_tokens:flags.6?Vector<bytes> token:flags.8?string app_sandbox:flags.8?Bool = CodeSettings;