EionRobb / skype4pidgin

Skype Plugin for Pidgin, libpurple and more
https://github.com/EionRobb/skype4pidgin/tree/master/skypeweb#skypeweb-plugin-for-pidgin

2 factor authentication support/bypass? #385

Open mattdconnell opened 8 years ago

mattdconnell commented 8 years ago

I have 2FA enabled on my Live account. When I try to connect using the plugin, I get the approve/deny popup on the MS Account (Android) app, but approving it does nothing.

Pidgin shows the "Failed getting Magic T value" message. Repeated connection attempts using Pidgin provide multiple 2FA prompts, so I know that my credentials are correct and that I have communication.

I tried generating and using an "app" password for my MS account, with no success.

Am I missing something or doing something stupid? Is there a workaround besides disabling 2FA?

Thanks for your work!

EionRobb commented 8 years ago

You're probably the first person I've come across who uses 2FA with the plugin! :)

The plugin isn't really expecting any response from the server other than 'login successful' so 2FA isn't going to work at the moment.

mattdconnell commented 8 years ago

Thanks for the quick reply.

I disabled 2FA, and I was immediately able to connect, so that confirms it as the cause of the error message.

If 2FA is something you're interested in supporting, then I can edit the issue to be more of a feature request so other people might find it. If that's out of scope, you can probably just close this.

EionRobb commented 8 years ago

Definitely interested in supporting it... more security is better than less security :D

I guess if you could send through a debug log we might be able to see what's going on with 2FA.... I should also be not lazy and add 2FA to my account to test too :D

mattdconnell commented 8 years ago

Believe this is the sum of the debug log from my connection attempt. If this isn't correct or complete, let me know.

skype-pidgin-2FA-debug-log.txt

EionRobb commented 8 years ago

Ah, not enough info in there to go on, unfortunately. I'll stop being lazy and try turning on 2FA myself to see what happens.

EionRobb commented 8 years ago

Hmm.. does it work if you create an app password at http://account.live.com/APHelp ?

mattdconnell commented 8 years ago

No, I get the same error message with an app password, but I don't get the 2FA prompt on my phone either.

EionRobb commented 8 years ago

Wow, there's a pretty crazy login process for 2FA (just going to document it here to help me work out how to update the code to do this). Most of the login process is the same as without 2FA, except we don't get given the "magic T value" straight away, and instead we have to poll https://login.live.com/GetSessionState.srf once a second until the 2FA is allowed/denied on the phone or whatever. The super-crazy bit is the response for that call is a transparent GIF image. If it's a 1x1 image, it's pending approval; if it's 2x2, it's been rejected; if it's 1x2, then it's been approved, upon which we get the login.srf page again, which should provide the "magic T".
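
The dimension check described in the comment above, as an added example that is not part of the original comment or the plugin's code: a C function that reads the width and height from the GIF header of one poll response and maps them to pending, approved or rejected. The function, enum and sample names are hypothetical, and it assumes "1x2" means width 1, height 2.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Outcome of one GetSessionState.srf poll, decoded from the GIF size. */
typedef enum {
    SESSION_PENDING,   /* 1x1: still waiting for approval */
    SESSION_APPROVED,  /* 1x2: approved, request login.srf again */
    SESSION_REJECTED,  /* 2x2: denied on the device */
    SESSION_UNKNOWN    /* not a GIF, truncated, or unexpected size */
} session_state;

/* Constructed sample response prefixes (not captured traffic). */
static const unsigned char SAMPLE_PENDING[]  = {'G','I','F','8','9','a', 1,0, 1,0};
static const unsigned char SAMPLE_APPROVED[] = {'G','I','F','8','9','a', 1,0, 2,0};
static const unsigned char SAMPLE_REJECTED[] = {'G','I','F','8','9','a', 2,0, 2,0};

/* Hypothetical helper. Needs only the 10-byte prefix: signature, then
 * little-endian width and height. Assumes "1x2" = width 1, height 2.
 * Anything unrecognised is SESSION_UNKNOWN, so a malformed reply is
 * never treated as an approval. */
session_state classify_session_gif(const unsigned char *body, size_t len)
{
    unsigned w, h;

    if (body == NULL || len < 10)
        return SESSION_UNKNOWN;
    if (memcmp(body, "GIF87a", 6) != 0 && memcmp(body, "GIF89a", 6) != 0)
        return SESSION_UNKNOWN;

    w = (unsigned)body[6] | ((unsigned)body[7] << 8);
    h = (unsigned)body[8] | ((unsigned)body[9] << 8);

    if (w == 1 && h == 1) return SESSION_PENDING;
    if (w == 1 && h == 2) return SESSION_APPROVED;
    if (w == 2 && h == 2) return SESSION_REJECTED;
    return SESSION_UNKNOWN;
}

int main(void)
{
    printf("pending=%d approved=%d rejected=%d\n",
           classify_session_gif(SAMPLE_PENDING, sizeof SAMPLE_PENDING),
           classify_session_gif(SAMPLE_APPROVED, sizeof SAMPLE_APPROVED),
           classify_session_gif(SAMPLE_REJECTED, sizeof SAMPLE_REJECTED));
    return 0;
}
```

A polling loop built on this would keep requesting while the result is SESSION_PENDING and stop with an error on SESSION_REJECTED or SESSION_UNKNOWN.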

AeliusSaionji commented 8 years ago

Also interested in getting two factor up and running :) Or at the very least, "app password"

Traediras commented 7 years ago

Would love to know if there's some sort of fix in the works. Have tried using both my Skype and Live usernames with my normal and app-generated passwords, but I've been consistently getting this error..

zeorin commented 7 years ago

+1 Love the plugin. Just turned on 2FA after merging my accounts and would love to have support for it.

MartinX3 commented 7 years ago

+1 I wouldn't deactivate 2FA, because of the security aspects!

ViperGeek commented 7 years ago

Not sure how to show support for this idea other than a +1 reply, but I'm also very interested in gaining support for 2FA as well. Everything was good 'til Microsoft Microsoft-ized Skype, merging credentials without an opt-out option.

AeliusSaionji commented 7 years ago

Actually, everything was not good until Microsoft enforced 2FA security across Skype logins.

Now the third party clients need to catch up.

isakrubin commented 7 years ago

+1

dequis commented 7 years ago

The last commit adds a checkbox in the advanced tab, "Use alternative login method", which supports 2fa if you use app passwords. It's opt-in for now because it's experimental but it definitely helps for this use case.

Just go to "Create a new app password" in https://account.live.com/proofs/Manage/additional then set that as the password in the plugin and enable "Use alternative login method" in the advanced tab.

cizra commented 7 years ago

Proper support for 2FA would be even groovier, but now I can use skype4pidgin with app password. Thanks!

MartinX3 commented 7 years ago

Thank you for the work, but now I get the following error: "Error getting BinarySecurityToken"

Tested with a fresh app password and the alternative login method.

MartinX3 commented 7 years ago

Now I'm getting "Failed getting PPFT value" with an application password and the alternative login method activated.

dequis commented 7 years ago

"Failed getting PPFT value" is an error from the oauth flow, that's not alt login.

"Error getting BinarySecurityToken" is a SOAP error which is alt login and is fine. Not sure what causes it. I'll improve the debug output and error messages later when I have time.

MartinX3 commented 7 years ago

Weird, because I didn't change the alt-login setting after I enabled it. The option box is still checked.

Edit: I re-checked the option box. Now I get the "Error getting BinarySecurityToken" message again.

mattconnell commented 7 years ago

My Advanced tab has an option with no text. http://i.imgur.com/evKHkoj.png

I've tried reinstalling both the plugin DLL and libjson-glib, as well as deleting the old account I had configured and making a new one from scratch. Anyone else seen this?

I should note that I still get the Magic T Value message when checking the textless option box.

dequis commented 7 years ago

The textless option doesn't do anything, ignore it.

Whatever version it is that you're installing isn't the last git commit. Development builds are available from this url:

https://eion.robbmob.com/libskypeweb.dll

mattconnell commented 7 years ago

Whatever version it is that you're installing isn't the last git commit.

Thank you. This was my problem. I downloaded the version from the Releases page, rather than from EionRobb's site. Things appear to be working as expected now.

MartinX3 commented 7 years ago

Weird, because I didn't change the alt-login setting after I enabled it. The option box is still checked. Edit: I re-checked the option box. Now I get the "Error getting BinarySecurityToken" message again.

Since today's update (without changing anything at my side) in the Ubuntu repository the error has gone away and I'm logged in. THANK YOU! <3