Unable to authenticate due to 2FA

orshemtov commented 1 year ago

Describe the bug I'm unable to authenticate with IB

To Reproduce

version: "2.1"

services:
  ibeam:
    image: voyz/ibeam
    container_name: ibeam
    env_file:
      - env.list
    ports:
      - "5000:5000"
      - "5001:5001"
    network_mode: bridge # Required due to clientportal.gw IP whitelist
    restart: 'no' # Prevents IBEAM_MAX_FAILED_AUTH from being exceeded

Bring up IBEAM through Docker compose docker compose up -d

This is the logs the container outputs:

2022-12-09T10:03:49.536535400Z 2022-12-09 10:03:49,535|I| ############ Starting IBeam version 0.4.3 ############
2022-12-09T10:03:49.540481300Z 2022-12-09 10:03:49,539|I| Secrets source: env
2022-12-09T10:03:49.542062500Z 2022-12-09 10:03:49,541|I| Health server started at port=5001
2022-12-09T10:03:49.543466100Z 2022-12-09 10:03:49,542|I| Gateway not found, starting new one...
2022-12-09T10:03:49.543505400Z 2022-12-09 10:03:49,543|I| Note that the Gateway log below may display "Open https://localhost:5000 to login" - ignore this command.
2022-12-09T10:03:49.553603000Z running  
2022-12-09T10:03:49.553652500Z  runtime path : root:dist/ibgroup.web.core.iblink.router.clientportal.gw.jar:build/lib/runtime/*
2022-12-09T10:03:49.553674300Z  verticle     : 
2022-12-09T10:03:50.551232100Z 2022-12-09 10:03:50,550|I| Gateway started with pid: 14
2022-12-09T10:03:51.088116100Z WARNING: An illegal reflective access operation has occurred
2022-12-09T10:03:51.088155800Z WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/srv/clientportal.gw/build/lib/runtime/netty-common-4.1.15.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
2022-12-09T10:03:51.088181000Z WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
2022-12-09T10:03:51.088203800Z WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
2022-12-09T10:03:51.088227700Z WARNING: All illegal access operations will be denied in a future release
2022-12-09T10:03:51.815844400Z  -> mount demo on /demo
2022-12-09T10:03:51.881987700Z Java Version: 11.0.15
2022-12-09T10:03:51.882075000Z ****************************************************
2022-12-09T10:03:51.882181900Z version: ed4af2592e9dd4a784d5403843bd18292fd441ea Fri, 9 Nov 2018 13:23:18 -0500
2022-12-09T10:03:51.882299400Z ****************************************************
2022-12-09T10:03:51.882349200Z This is a Beta release of the Client Portal Gateway
2022-12-09T10:03:51.883049900Z for any issues, please contact api@ibkr.com
2022-12-09T10:03:51.883434200Z and include a copy of your logs
2022-12-09T10:03:51.884218400Z ****************************************************
2022-12-09T10:03:51.885836300Z https://www.interactivebrokers.com/api/doc.html
2022-12-09T10:03:51.886591100Z ****************************************************
2022-12-09T10:03:51.887165600Z Open https://localhost:5000 to login
2022-12-09T10:03:51.887189400Z App demo is available after you login under: https://localhost:5000/demo/
2022-12-09T10:03:55.797246600Z 2022-12-09 10:03:55,796|I| No active sessions, logging in...
2022-12-09T10:04:07.111902700Z 2022-12-09 10:04:07,111|I| Credentials correct, but Gateway requires two-factor authentication.
2022-12-09T10:04:07.112542800Z 2022-12-09 10:04:07,111|C| ######## ATTENTION! ######## No 2FA handler found. You may define your own 2FA handler or use built-in handlers. See documentation for more: https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication
2022-12-09T10:04:07.196930400Z 2022-12-09 10:04:07,196|I| Authentication process failed
2022-12-09T10:04:07.197013300Z 2022-12-09 10:04:07,196|W| Shutting IBeam down due to critical error.
2022-12-09T10:04:46.708680600Z 2022-12-09 10:04:46,707|I| ############ Starting IBeam version 0.4.3 ############
2022-12-09T10:04:46.716222200Z 2022-12-09 10:04:46,715|I| Secrets source: env
2022-12-09T10:04:46.720280000Z 2022-12-09 10:04:46,719|I| Health server started at port=5001
2022-12-09T10:04:46.722402700Z 2022-12-09 10:04:46,721|I| Gateway not found, starting new one...
2022-12-09T10:04:46.722678200Z 2022-12-09 10:04:46,722|I| Note that the Gateway log below may display "Open https://localhost:5000 to login" - ignore this command.
2022-12-09T10:04:46.736466500Z running  
2022-12-09T10:04:46.736529300Z  runtime path : root:dist/ibgroup.web.core.iblink.router.clientportal.gw.jar:build/lib/runtime/*
2022-12-09T10:04:46.736562400Z  verticle     : 
2022-12-09T10:04:47.732640600Z 2022-12-09 10:04:47,732|I| Gateway started with pid: 15
2022-12-09T10:04:48.362716700Z WARNING: An illegal reflective access operation has occurred
2022-12-09T10:04:48.362832100Z WARNING: Illegal reflective access by io.netty.util.internal.ReflectionUtil (file:/srv/clientportal.gw/build/lib/runtime/netty-common-4.1.15.Final.jar) to constructor java.nio.DirectByteBuffer(long,int)
2022-12-09T10:04:48.362868100Z WARNING: Please consider reporting this to the maintainers of io.netty.util.internal.ReflectionUtil
2022-12-09T10:04:48.362891100Z WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
2022-12-09T10:04:48.362910200Z WARNING: All illegal access operations will be denied in a future release
2022-12-09T10:04:49.093482200Z  -> mount demo on /demo
2022-12-09T10:04:49.129472500Z Java Version: 11.0.15
2022-12-09T10:04:49.129533400Z ****************************************************
2022-12-09T10:04:49.129564000Z version: ed4af2592e9dd4a784d5403843bd18292fd441ea Fri, 9 Nov 2018 13:23:18 -0500
2022-12-09T10:04:49.129584100Z ****************************************************
2022-12-09T10:04:49.129606800Z This is a Beta release of the Client Portal Gateway
2022-12-09T10:04:49.129629400Z for any issues, please contact api@ibkr.com
2022-12-09T10:04:49.129652200Z and include a copy of your logs
2022-12-09T10:04:49.129675100Z ****************************************************
2022-12-09T10:04:49.129692400Z https://www.interactivebrokers.com/api/doc.html
2022-12-09T10:04:49.129718900Z ****************************************************
2022-12-09T10:04:49.129742200Z Open https://localhost:5000 to login
2022-12-09T10:04:49.129765100Z App demo is available after you login under: https://localhost:5000/demo/
2022-12-09T10:04:51.571758600Z 2022-12-09 10:04:51,571|I| No active sessions, logging in...
2022-12-09T10:05:01.444050400Z 2022-12-09 10:05:01,443|I| Credentials correct, but Gateway requires two-factor authentication.
2022-12-09T10:05:01.445338600Z 2022-12-09 10:05:01,444|C| ######## ATTENTION! ######## No 2FA handler found. You may define your own 2FA handler or use built-in handlers. See documentation for more: https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication
2022-12-09T10:05:01.526982300Z 2022-12-09 10:05:01,526|I| Authentication process failed
2022-12-09T10:05:01.528771400Z 2022-12-09 10:05:01,527|W| Shutting IBeam down due to critical error.

It suggest looking at 2FA here: https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication

There are 3 options:

Google messages - is out of consideration since I don't own an Android device
EXTERNAL_REQUEST - i do not understand how to implement this
CUSTOM - i do not understand how to implement this

Expected behavior IBeam should login successfully, the only 2FA method I use with IB is the IB Key through the App

Environment IBeam version: latest Docker image or standalone: docker Python version (standalone users only): docker OS: docker

Additional context Add any other context about the problem here.

Suggest a Fix If you can't fix the bug yourself, perhaps you can point to what might be causing the problem (line of code or commit).

Voyz commented 1 year ago

Hey @orshemtov thanks for bearing with me, busy period over the holidays. Sorry to hear that you've got an issue setting up 2FA. In general, IBeam does not provide an out-of-box solution for 2FA as it depends on the user's setup and resources. You can find one example of how some users solved it in this section:

https://github.com/Voyz/ibeam/wiki/Two-Factor-Authentication#automating-2fa

Wish I could be of more help, but currently this process needs to be automated by each user individually. Best of luck!

a1exus commented 1 year ago

i also have an issue with authentication:

ibeam    | Open https://localhost:5000 to login
ibeam    | App demo is available after you login under: https://localhost:5000/demo/
ibeam    | 2023-01-25 05:11:13,576|I| No active sessions, logging in...
ibeam    | 2023-01-25 05:11:43,477|E| Timeout reached when waiting for authentication. Consider increasing IBEAM_PAGE_LOAD_TIMEOUT. Error: "" at   File "/srv/ibeam/src/authenticate.py", line 201, in authenticate_gateway    any_of(success_present, two_factor_input_present, error_displayed, ibkey_promo_skip_clickable))
ibeam    | 2023-01-25 05:11:43,890|I| Authentication process failed
ibeam    | 2023-01-25 05:11:43,917|I| Starting maintenance with interval 60 seconds
ibeam    | 2023-01-25 05:12:44,098|I| No active sessions, logging in...

i do face unlock through the app on my iPhone as 2fa but still no luck(

a1exus commented 1 year ago

i restarted it again and even though i didn't make any changes, it started to work for me ;-)

ibeam    | Open https://localhost:5000 to login
ibeam    | App demo is available after you login under: https://localhost:5000/demo/
ibeam    | 2023-01-25 05:11:13,576|I| No active sessions, logging in...
ibeam    | 2023-01-25 05:11:43,477|E| Timeout reached when waiting for authentication. Consider increasing IBEAM_PAGE_LOAD_TIMEOUT. Error: "" at   File "/srv/ibeam/src/authenticate.py", line 201, in authenticate_gateway    any_of(success_present, two_factor_input_present, error_displayed, ibkey_promo_skip_clickable))
ibeam    | 2023-01-25 05:11:43,890|I| Authentication process failed
ibeam    | 2023-01-25 05:11:43,917|I| Starting maintenance with interval 60 seconds
ibeam    | 2023-01-25 05:12:44,098|I| No active sessions, logging in...
ibeam    | 2023-01-25 05:13:03,210|I| Authentication process succeeded
ibeam    | 2023-01-25 05:13:06,414|I| Gateway running and authenticated

Voyz commented 1 year ago

Closing this issue due to lack of activity. Feel free to reopen if you'd like to continue the discussion 👍

Voyz / ibeam

Unable to authenticate due to 2FA #120