API Key Regeneration Fails with 2FA Enabled

[ryanbrainard]

I had 2FA enabled, but when trying to regenerate my API token via Dashboard, it said I had an invalid password. Disabling 2FA let me regenerate the token. This is probably a bug with Dashboard not prompting for the 2FA code, but logging it here since its 2FA-related.

cc: @heroku/web-apps

[dominic]

Yup.

https://github.com/heroku/dashboard/issues/766 https://github.com/heroku/dashboard/issues/1600

[friism]

This is a pretty bad problem, but not a blocker. A useful workaround is to ask users heroku-oauth to generate tokens: https://github.com/heroku/heroku-oauth

[markpundsack]

@friism The heroku-oauth plugin doesn't actually have the capability to generate API Keys, right? At any rate, we'll get this done as part of our commitment to Safe Harbor (https://trello.com/c/GSVcRBte).

[friism]

@markpundsack Yeah, I think it can be used for creates: https://github.com/heroku/heroku-oauth#creating According to @pedro, it can also create long-lived tokens.

[friism]

@markpundsack and awesome that it's on your roadmap!

[brandur]

Fix is in heroku/dashboard#1656. Closing this issue out in favor of that pull.