I’ve noticed that some services supporting TOTP are missing from the “Inactive two-step login” report in the Web Vault, even when they are present in the underlying 2FA directory data.
Example: NextDNS (nextdns.io) is listed in the 2fa.directory API as follows: ["NextDNS",{"domain":"nextdns.io","tfa":["totp"],"keywords":["security"]}]
The Issue: Looking at the clients repository, the logic for parsing this JSON appears to skip any entry that doesn’t have a documentation field:
for (const service of responseJson) {
const serviceData = service;
if (serviceData.domain == null) {
continue;
}
if (serviceData.documentation == null) {
continue; // This filters out valid services like NextDNS
}
.
.
.
.
}
Suggestion: Could we modify this to include services even if the documentation link is null? Instead of omitting the entry entirely, the UI could simply show “Instructions unavailable” or something similar.
What do you think?