Logging in to app with two-factor authentication #328
possible enhancement, yes
…On Dec 6, 2016 11:56 AM, "Josephine Lim" ***@***.***> wrote:
Comment on our review page:
I can't login after enabling 2FA I've activated the Two Factor
Authentication and the app shows "Incorrect login"
Has anyone tried this before? Also, is there a need to support 2FA in our
app?
|
Wikipedia App seems to have the same issue and has a pending change. It might be limited to power users, but there is a need. All sysops were asked to enable 2FA in late November if I recall it correctly. |
Confirm that logging in with two-factor authentication on is not possible. |
What problems were you experiencing with the app @VojtechDostal ? |
The app failed to start or crashed while searching for Nearby things. |
This is the first step to allowing 2 factor authentication commons-app#328. This uses the new API module clientlogin instead of the login module. We still report the same set of errors in a 'nice' way with real error messages, however there are lots more that can probably be handled, for example commons-app#507.
Not quite done yet |
Hi @addshore , any chance you might have the time in the near future to complete this? If not, should we add it to the IEG renewal proposal? |
I might have time to look at it over the coming weeks but adding it to the IEG grant sounds like a good idea! |
Just for the note the 2FA has been successfully implemented in the Wikipedia android app. I guess their implementation could help you finish this quickly i.e., you could use their implementation as reference. |
The Wikipedia app does not use OAuth. It has an in-app login flow that handles 2FA. |
This can be unblocked now that we have confirmed that OAuth is not possible and not needed. |
Our app already has most of the code in place needed for enabling 2FA. I am just not able to test it out as I am not a power user and as the article mentions only power users can enable it for their accounts. |
@maskaravivek , you can ask the stewards to add you to the "oath testing group". I believe such requests are done at https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_other_global_permissions |
Thanks @strainu for the link. Got the permission by creating a phab ticket. https://phabricator.wikimedia.org/T183079 |
What what i understand, The Read a few posts regarding handling of cookies for 2FA enabled authentication and finally decided to create and store a cookie in such cases. Ref Wikimedia APIs require these cookies for all subsequent requests. @psh @misaochan Your insights here would be useful. :) @dbrant Does this sound good? I tried to follow the approach Wikimedia app takes around authentication, but then Wikimedia app never makes a call to |
@maskaravivek I just requested global OATH permissions for the production servers - https://meta.wikimedia.org/wiki/Steward_requests/Global_permissions#Requests_for_other_global_permissions . Hopefully we will be able to test your PR soon. :) Re: creating a cookie, your approach looks reasonable to me, however it would be best to wait for @dbrant 's input due to potential privacy concerns. |
It's already done, @misaochan :) took them only 4 minutes. |
@VojtechDostal Wow, cool! :) That was fast, haha. Will set my 2FA up and test ASAP. |
@maskaravivek The Wikipedia app basically stores all cookies in Implementing 2FA simply means that instead of returning a successful reply, the API will return a special status message that should cause your app to ask for the 2FA code, and then pass the code back to the API in your next request. |
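The two-step exchange described in the comment above, as an added example that is not code from this thread or from either app: the client sends credentials through `clientlogin`, and when the reply is a prompt rather than a success it asks for the code and continues the same attempt. `FakeApi`, the token value and the response shapes are constructed so the block runs offline; the `OATHToken`, `logincontinue` and `loginreturnurl` names are assumptions based on MediaWiki's clientlogin conventions and do not appear on this page.

```python
# Added example: client-side handling of a two-step clientlogin exchange.
# FakeApi is a constructed stand-in for the server so the block runs offline;
# the response shapes are assumptions modelled on action=clientlogin.

class FakeApi:
    """Constructed server: accepts one password, then one 6-digit code."""
    def __init__(self, password, code):
        self.password, self.code, self.awaiting_code = password, code, False
        self.seen = []                       # parameter names only, never values

    def post(self, params):
        self.seen.append(sorted(params))
        if params.get("logintoken") != "constructed-token":
            return {"clientlogin": {"status": "FAIL", "message": "bad token"}}
        if params.get("logincontinue"):
            ok = self.awaiting_code and params.get("OATHToken") == self.code
            self.awaiting_code = False       # a failed code ends the attempt
            status = "PASS" if ok else "FAIL"
            return {"clientlogin": {"status": status,
                                    "message": "" if ok else "bad code"}}
        if params.get("password") != self.password:
            return {"clientlogin": {"status": "FAIL", "message": "Incorrect login"}}
        self.awaiting_code = True
        return {"clientlogin": {"status": "UI", "message": "Enter code",
                                "requests": [{"fields": {"OATHToken": {"type": "string"}}}]}}


def client_login(post, username, password, ask_code, token="constructed-token"):
    """Return (ok, message). ask_code() is called only if the API asks for 2FA."""
    reply = post({"action": "clientlogin", "username": username,
                  "password": password, "logintoken": token,
                  "loginreturnurl": "https://example.invalid/"})["clientlogin"]
    if reply["status"] == "UI":
        fields = {}
        for req in reply.get("requests", []):
            fields.update(req.get("fields", {}))
        if "OATHToken" not in fields:        # some other prompt we cannot answer
            return False, "unsupported login step"
        # Continue the same attempt: send the code, not the password again.
        reply = post({"action": "clientlogin", "logincontinue": "1",
                      "logintoken": token, "OATHToken": ask_code()})["clientlogin"]
    return reply["status"] == "PASS", reply.get("message", "")
```

Treating every non-success reply as "Incorrect login" is what hides the 2FA prompt from the user; the `UI` branch is the part a password-only client is missing.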
Fixed in #1048 |