fhqvst / avanza

A JavaScript client for the unofficial Avanza API
MIT License

Two factor authentication #17

Closed ausrasul closed 6 years ago

ausrasul commented 6 years ago

@gustafg said that 2FA will be mandatory starting 25 May. Do you know how to send the 2FA code? Like which URL, etc.?

fhqvst commented 6 years ago

Not at this time, but will be able to spend some time on it this weekend.

ausrasul commented 6 years ago

I found out that when you do password authentication, you get a temporary cookie. You then use this cookie to send the one-time code to the URL /_api/authentication/sessions/totp, which will give you the login cookie. I can also work on that.

From an auto-login point of view, I have two options:

1. If I can use a 2FA authenticator that provides an API for automation, then we continue with the 2FA implementation.
2. If not, then it makes more sense to use Mobilt BankID instead. That is a web GUI to trigger the login remotely, then log in with mbankid.

I will research point #1, but what do you think?

gustafg commented 6 years ago

Please see this. It will not work for all, and I haven't even begun to think about how this affects auto-reconnect, so it's partly just removed. This is Mobilt BankID though: https://github.com/gustafg/avanza/tree/mbankid2018

ausrasul commented 6 years ago

I've done a patch for it. Will send a PR soon, but first @gustafg will PR a few patches.

Mainly, you get the 2FA activation code (not the OTP, the one-time password) and add it with the credentials; this way the API will generate the OTP whenever needed.