How can a user logging in request re-sending of their auth code? #217

Open
funkybob opened this issue Jun 29, 2023 · 3 comments

@funkybob

Describe the bug
When a user is trying to authenticate, the token sent may expire before they have a chance to complete login.
The usual way to address this is to provide a button so they can request another token to be sent.

According to the documentation (https://django-trench.readthedocs.io/en/latest/endpoints.html#send-the-code), posting to `/code/request`:

> Triggers sending out a code. If no method specified in the payload user’s primary MFA method will be used.

However, the view class for that:

```python
class MFAMethodRequestCodeView(APIView):
    permission_classes = (IsAuthenticated,)
```

Meaning you must already be authenticated before you can ask for the code to allow you to authenticate.

All other views in views/base.py are also marked with similar permissions, besides the MFAStepMixin which is marked as AllowAny.

@funkybob
Author

For now we're working around this by re-posting the credentials to the login endpoint.

@nefrob

nefrob commented Jun 29, 2023

You could override the _successful_authentication_response function in a custom view and make it return a token with a longer expiration window.

@funkybob
Author

That would counteract the purpose of a token timeout in the first place.

If I just wanted a longer timeout, I could change the settings.

I want to be able to send a new token. Like most other 2FA login systems provide the option for.
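
As an added example (not django-trench code and not written by any participant in this thread), here is a framework-free sketch of the behaviour requested above: a resend handler that accepts proof of the first login step instead of a full session, throttles sends per user, and never extends the token's lifetime. The token format, the function and class names, and the timing constants are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; a real app uses its own secret
TOKEN_TTL = 300        # assumed lifetime (seconds) of the first-step token
RESEND_COOLDOWN = 30   # assumed minimum gap (seconds) between sends per user


def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_login_token(user_id, now):
    """Issued only after the password check; proves the first factor, nothing more."""
    payload = f"{user_id}:{int(now)}"
    return f"{payload}:{_sign(payload)}"


def verify_login_token(token, now):
    """Return the user id if the token is authentic and unexpired, else None."""
    try:
        user_id, issued, sig = token.rsplit(":", 2)
        issued_at = int(issued)
    except ValueError:
        return None
    expected = _sign(f"{user_id}:{issued}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if not 0 <= now - issued_at <= TOKEN_TTL:
        return None
    return user_id


class ResendHandler:
    """Hypothetical pre-authentication 'send me another code' endpoint logic."""

    def __init__(self, send_code):
        self.send_code = send_code  # callable that delivers a fresh code to the user
        self.last_sent = {}         # user_id -> time of the most recent send

    def resend(self, token, now):
        user_id = verify_login_token(token, now)
        if user_id is None:
            return 401  # no valid first-step proof: reject, send nothing
        last = self.last_sent.get(user_id)
        if last is not None and now - last < RESEND_COOLDOWN:
            return 429  # throttle so the endpoint cannot be used to flood a user
        self.last_sent[user_id] = now
        self.send_code(user_id)  # the token itself is not reissued or extended
        return 200
```

Because the handler only verifies the existing first-step token and never reissues it, the original timeout still bounds the whole login attempt while the user can receive a fresh code within it.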
