From 00324f922d1c913087b6a4352eef6733c72572ed Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Thu, 11 Nov 2021 21:27:06 +0100
Subject: [PATCH] outposts: send SelectedChallenge when using MFA with Go
 FlowExecutor

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
---
 internal/outpost/flow.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/outpost/flow.go b/internal/outpost/flow.go
index 0c353c3ff..1306b7204 100644
--- a/internal/outpost/flow.go
+++ b/internal/outpost/flow.go
@@ -130,8 +130,8 @@ func (fe *FlowExecutor) getAnswer(stage StageComponent) string {
 
 // WarmUp Ensure authentik's flow cache is warmed up
 func (fe *FlowExecutor) WarmUp() error {
-	defer fe.sp.Finish()
 	gcsp := sentry.StartSpan(fe.Context, "authentik.outposts.flow_executor.get_challenge")
+	defer gcsp.Finish()
 	req := fe.api.FlowsApi.FlowsExecutorGet(gcsp.Context(), fe.flowSlug).Query(fe.Params.Encode())
 	_, _, err := req.Execute()
 	return err
@@ -190,6 +190,7 @@ func (fe *FlowExecutor) solveFlowChallenge(depth int) (bool, error) {
 		}
 		devId32 := int32(devId)
 		inner := api.NewAuthenticatorValidationChallengeResponseRequest()
+		inner.SelectedChallenge = (*api.DeviceChallengeRequest)(deviceChallenge)
 		inner.Duo = &devId32
 		responseReq = responseReq.FlowChallengeResponseRequest(api.AuthenticatorValidationChallengeResponseRequestAsFlowChallengeResponseRequest(inner))
 	case string(StageAccessDenied):