From cd0f8ce4118e4bc5670000f9b8423991fc8d1835 Mon Sep 17 00:00:00 2001
From: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Date: Fri, 15 Sep 2023 13:38:56 -0700
Subject: [PATCH] only tracking TOTPs in cache (#3275)
---
 src/Identity/IdentityServer/BaseRequestValidator.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/Identity/IdentityServer/BaseRequestValidator.cs b/src/Identity/IdentityServer/BaseRequestValidator.cs
index 2fa41806b9..d52d3064a6 100644
--- a/src/Identity/IdentityServer/BaseRequestValidator.cs
+++ b/src/Identity/IdentityServer/BaseRequestValidator.cs
@@ -163,7 +163,8 @@ public abstract class BaseRequestValidator where T : class
 }
 return;
 }
- if (twoFactorProviderType != TwoFactorProviderType.Remember)
+ // We only want to track TOTPs in the chache to enforce one time use.
+ if (twoFactorProviderType == TwoFactorProviderType.Authenticator || twoFactorProviderType == TwoFactorProviderType.Email)
 {
 await Core.Utilities.DistributedCacheExtensions.SetAsync(_distributedCache, cacheKey, twoFactorToken, _cacheEntryOptions);
 }
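Review bot: The new allow-list on the `if` guarding `SetAsync` stops recording used tokens for every provider type other than `Authenticator` and `Email`, and the added comment does not say why reuse of those other tokens is not a concern. If this relies on the remaining providers rejecting reuse on their own, which the hunk does not show, the comment should say so, for example `// Only Authenticator and Email codes stay valid for a time window; other providers are expected to reject reuse themselves.`, and the typo `chache` should be corrected. Because the condition is now an allow-list, a provider added later that issues time-windowed codes would be accepted more than once within its window unless it is also listed here, so a unit test pinning the set of tracked provider types would make that omission visible. The enclosing method starts and ends outside the hunk, so the cache lookup that rejects an already used token is not visible here and should be checked against the same set of provider types.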