What to do when you see an ERROR 500 after trying to login with 2FA (2 Factor Authentification)

[ceberlin]

Just a searchable note here in case s.o. else runs into the same problem ?

You suddenly cannot log in any more with TFA/2FA (Two Factor Authentification)?
After the step two (inserting the 2FA code) the server responds with an ERROR 500?
There is no corresponding entry in the server logs?

Check this:

Open your site files with FTP, go to /site/assets/logs/ and look into the file exceptions.txt

If you find an entry there, like so:
... Invalid base32 string (in /site/modules/TfaTotp/TwoFactorAuth/lib/TwoFactorAuth.php line 190)
This indicates that the 2FA code got messed up.

Two ways to fix this:

1. Via FTP, move TfaTotp out of /modules/
2. Login and go to User/Profile
3. While the login session is active, via FTP, move TfaTotp back to /modules/
4. Disable TfaTotp - and then save your profile page
5. Re-enable TfaTotp - and then save your profile page again.

…or (tip from @adrianj):

1. Create a new superuser via the API and
2. login via that and then
3. disable and re-enable 2FA for the affected user via Access > Users.

---

More in depth info from @ryan at Github: 2FA login error 500.