search

jmfernandes / robin_stocks

This is a library to use with Robinhood Financial App. It currently supports trading crypto-currencies, options, and stocks. In addition, it can be used to get real time ticker information, assess the performance of your portfolio, and can also get tax documents, total dividends paid, and more. More info at
http://www.robin-stocks.com
MIT License
1.69k stars 459 forks source link

how to auth and persist with cloud functions #259

Open jasan-s opened 3 years ago

jasan-s commented 3 years ago

Is it possible to auth with SMS MFA in a cloud function/lambda and persist auth

Could this be possible: on initial cloud function run the SMS mfa can be requested and session be saved and then when MFA received the session can be loader and mfa entered to get the auth token and refresh token. and then use the refresh token to refresh auth token before it expires.

PvanHengel commented 3 years ago

I'd be interested in collaborating on this. Looking to do something along these lines, I think for starters, we need to enable a way to ask for username and password via API, generate device token, store it with the challenge id. Then provide another API to accept those plus the sms code, in an async way. Right now it just waits for the entire process to happen on stdin. Finally, to store the session so we dont get challenged again, we need to pin the device code for that user / login pair. Needs to be tested, as not sure what other checks there are from a security point of view (eg ip devices etc), that might be used to expire the session. But at a minimum breaking the auth / challenge flow into two steps vs one is where I planned on starting, with the intent of building a login form of sorts vs CLI.