Summary
On Chase accounts where the only 2FA option is "Confirm using our mobile app" (push notification), the script incorrectly falls through to the SMS code-waiting flow, times out, and exits with ERROR: Login failed.
Root Cause
get_all_text_including_shadow() returns only the page header text ("confirm your identity / let's make sure it's you"). The actual option card text lives inside an mds-list-item custom element whose shadow DOM content is not captured. So has_mobile_app_option is False even though the page clearly shows the mobile-push option.
The last-resort URL check looks for identity/confirm/auth/verify in the URL, but Chase's 2FA picker URL (chase.com/web/auth/dashboard) contains none of those keywords.
Proposed Fix
Add a text-based last resort: if body_text_lower contains "let's make sure it's you" AND neither SMS nor mobile-app was detected, assume mobile-push (we are clearly on the 2FA picker). Also add 'dashboard' and 'secure' to the URL keyword list.
Secondary Issue: No mobile-push handling path
Even after detection is fixed, the script needs to:
- Click the
mds-list-item card for the mobile app option
- Write
MOBILE_APP_APPROVAL_NEEDED to the status file
- Poll for page URL redirect (away from the 2FA page) for up to 180s while the user approves on their phone
Notes
- SMS 2FA is not available on this account — Chase only presents the mobile-push option
- Setting
CHASE_2FA_PHONE_LAST4 has no effect (no SMS radio buttons present)
- 2FA page URL pattern:
chase.com/web/auth/dashboard
Environment
- Docker
chase-travel:local, Windows 11
- Account type: Chase business / Sapphire
- Reproduced: May 28, 2026
Summary
On Chase accounts where the only 2FA option is "Confirm using our mobile app" (push notification), the script incorrectly falls through to the SMS code-waiting flow, times out, and exits with
ERROR: Login failed.Root Cause
get_all_text_including_shadow()returns only the page header text ("confirm your identity / let's make sure it's you"). The actual option card text lives inside anmds-list-itemcustom element whose shadow DOM content is not captured. Sohas_mobile_app_optionisFalseeven though the page clearly shows the mobile-push option.The last-resort URL check looks for
identity/confirm/auth/verifyin the URL, but Chase's 2FA picker URL (chase.com/web/auth/dashboard) contains none of those keywords.Proposed Fix
Add a text-based last resort: if
body_text_lowercontains"let's make sure it's you"AND neither SMS nor mobile-app was detected, assume mobile-push (we are clearly on the 2FA picker). Also add'dashboard'and'secure'to the URL keyword list.Secondary Issue: No mobile-push handling path
Even after detection is fixed, the script needs to:
mds-list-itemcard for the mobile app optionMOBILE_APP_APPROVAL_NEEDEDto the status fileNotes
CHASE_2FA_PHONE_LAST4has no effect (no SMS radio buttons present)chase.com/web/auth/dashboardEnvironment
chase-travel:local, Windows 11