harleylang
commented
3 years ago Right, makes sense that an active token is needed on build.
I anticipate that this is going to be an unavoidable pain point. A solution could be not using 2FA, updating / using a super strong password with the account (e.g., 64 chars in length, generated by KeePass or something similar), and then using the .env encryption method I spitballed in #13.
Worth more discussion before we map out a solution.
Better handling of existing but invalid access tokens. For now we blanket use existing as otherwise container restarts would attempt to auth using stale 2FA token and fail. Likewise, if the access token expires or is revoked container restarts can cause the account to be locked temporarily. One downside of this is when if a user has an expired access token they need to manually remove it to trigger retrieval of a new access token.