Disane87 / docudigger

Website scraper for getting invoices automagically as pdf (useful for taxes or DMS)
https://blog.disane.dev
MIT License
41 stars 7 forks

2FA currently not supported on docker #123

Open Disane87 opened 1 year ago

Disane87 commented 1 year ago

Currently, 2FA on the scraped pages is not supported. Actually, it's detected (i.e. for Amazon), but there is no way to set it within a Docker container.

soonic6 commented 4 months ago

Will 2FA support be added? I am planning on using and releasing it on Unraid.

Disane87 commented 4 months ago

In the future, I guess yes. But I don't have any idea how to reliably implement this. Additionally, it should work more or less unattended, or only with a convenient way to obtain/set the 2FA code.

tlwt commented 1 month ago

To streamline the process of retrieving one-time passwords (OTPs) for Amazon, I propose adding a variable AMAZON_OTP to the Docker call. This variable can be utilized in calls requiring OTPs. Modern password managers, such as 1Password, allow automatic retrieval of OTPs via their CLI. Below is an example script (tested on macOS) demonstrating how to achieve this with 1Password. Similar methods should work with other password managers.

OTPs are typically valid for 30 seconds, starting at the beginning of each minute and at the 30-second mark. The threshold ensures there is enough time remaining to process the login.

```bash
#!/bin/bash

# Set the threshold time, below which a new OTP should be fetched
threshold=10

# Function to calculate the remaining time
get_time_remaining() {
  # Get the current time in seconds since Unix epoch
  current_time=$(date +%s)

  # Seconds left in the current 30-second OTP window
  echo $((30 - current_time % 30))
}

# Initially fetch the remaining time
time_remaining=$(get_time_remaining)

# Check if the remaining time is below the threshold
if [ "$time_remaining" -le "$threshold" ]; then
  echo "The remaining validity time is $time_remaining seconds. Waiting for a new OTP..."

  # Countdown
  while [ "$time_remaining" -gt 0 ]; do
    echo "Waiting: $time_remaining seconds"
    sleep 1
    time_remaining=$((time_remaining - 1))
  done
fi

# Fetch the current OTP after the wait time has elapsed
otp_value=$(/usr/local/bin/op item get "amazon.de" --vault "Private" --otp)

# Recalculate the remaining time
time_remaining=$(get_time_remaining)

echo "Current OTP: $otp_value"
echo "Remaining validity time: $time_remaining seconds"
```

Disane87 commented 1 month ago

Wow, that looks interesting. Will dig into that if I get some spare time. @tlwt, thank you for this great proposal.

Disane87 commented 1 month ago

How will this work with unattended servers running that approach with OTP? I have an Unraid server and that container runs completely off from any personal password/2FA managers.

As far as I understand, your proposal needs a 2FA manager accessible locally. But that isn't the case when you run it like in my use case.

If you run it completely on your computer's Docker, I guess the non approach would be better, since I could print for the OTP, grab that and fill that into the OTP field.

Any ideas?

tlwt commented 1 month ago

This workaround is intended for a local environment and is not suitable for servers.

Two-factor authentication (2FA) or multi-factor authentication (MFA) requires you to know, have, or be something. App passwords can sometimes be used as an alternative, but to my knowledge, Amazon.de does not offer app passwords or API access to invoices.

In theory, you could store the OTP secret within the app, allowing for on-the-fly generation of OTPs. However, this would defeat the purpose of multi-factor authentication, as both factors would be “knowledge” based and stored in one location.

A much better approach, specific to 1Password, is setting up a 1Password Connect server (https://developer.1password.com/docs/connect/get-started/).

Please note, I am not a security expert; I am simply sharing my thoughts on the matter.
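
Added example, not part of the thread or of docudigger's code: what the 30-second window with a threshold and the "store the OTP secret within the app" option discussed above amount to in Node.js, following RFC 6238 with HMAC-SHA1. The function names and the `threshold` default are assumptions; the secret in the comment is the public RFC 6238 test secret. Any process that can read the secret can mint valid codes, which is the factor collapse described above.

```javascript
const crypto = require('node:crypto');

const STEP = 30; // seconds per TOTP window (RFC 6238 default)
// Public RFC 6238 test secret, base32: GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ

// Decode an RFC 4648 base32 secret, the form shown at authenticator enrolment.
function base32Decode(input) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0;
  let value = 0;
  for (const ch of input.replace(/[\s=]/g, '').toUpperCase()) {
    const idx = alphabet.indexOf(ch);
    if (idx === -1) throw new Error(`invalid base32 character: ${ch}`);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC the 8-byte counter, dynamically truncate, zero-pad.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Seconds until the code for the window containing `unixSeconds` expires.
function secondsRemaining(unixSeconds) {
  return STEP - (unixSeconds % STEP);
}

// Pick the code to submit: if the current window has `threshold` seconds or
// fewer left, wait it out and use the next window's code instead.
function planOtp(secretBase32, unixSeconds, threshold = 10) {
  const left = secondsRemaining(unixSeconds);
  const waitSeconds = left <= threshold ? left : 0;
  const at = unixSeconds + waitSeconds;
  const code = hotp(base32Decode(secretBase32), Math.floor(at / STEP));
  return { waitSeconds, code, validFor: secondsRemaining(at) };
}
```

In real use `unixSeconds` would be `Math.floor(Date.now() / 1000)`, and the caller sleeps for `waitSeconds` before submitting `code`.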