Install is still too hard - Githubissues

jnewbigin / lpass-sso

GUI for lastpass-cli sso login

3 stars 2 forks source link

Install is still too hard #3

Open jnewbigin opened 3 years ago

jnewbigin commented 3 years ago

These are the current steps - yet to be validated

brew install node

cd
git clone https://github.com/jnewbigin/lpass-sso.git
cd lpass-sso

# Option 1: build with docker
auto/build
cd lpass-sso

# Options 2: build native
cd lpass-sso && yarn install && yarn build && yarn run electron-builder build -m zip

cd dist/mac/lpass-sso.app/Contents/
export LPASS_PINENTRY="$PWD/pinentry"

cd
git clone https://github.com/jnewbigin/lastpass-cli.git
cd lastpass-cli
git checkout sso
cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr/local
make
./lpass login --sso username@example.com

If successful, a GUI will open and prompt you to start the Okta login flow.

Once these steps are confirmed, the next step is to make a repeatable way to run lpass.

I use a wrapper script /usr/local/bin/lpass which sets the LPASS_PINENTRY environment and then execs the real lpass client.

jnewbigin commented 3 years ago

@nottwo try these steps to get started

araff-r7 commented 3 years ago

Hi @jnewbigin , I just got a chance to get this working (mostly.) I'll make a PR shortly with some minor changes to the instructions I had to make to get this running.

One problem I'm having is that once I use ./lpass login --sso <email> the window pops up, redirects me to Okta, and lets me log in. Okta allowed me to sign in and accept the MFA prompt, but then the LaughPass Done... screen doesnt close out and the terminal command hangs without logging me in. I tested with ./lpass status and confirmed it does not finish the login process. Any ideas on this? Thanks for your continued help with this!!

araff-r7 commented 3 years ago

Just some more info on this. I did some extra troubleshooting steps and found that it in my instance, it seems to be failing with a 400 Bad Request error on the fetch to https://accounts.lastpass.com/federatedlogin/api/v1/getkey. Looking at the Network tab in Chrome, I see several 400 requests and then one 200 request for getkey. 5 of the responses come back without the k2, or a value for company_id and id_token, but one of them, seemingly the first call to getkey returns JSON with the k2 populated. Not sure if this is tied to our issue, but let me know if youd like screenshots to help debug. Thanks for your help on this!

araff-r7 commented 3 years ago

Hi @jnewbigin , let me know what info I can collect to help you troubleshoot this. Still getting a hang on the last step (Electron app saying "Done..." then not closing) on both Mac and Ubuntu. Happy to help test and document any future changes as well to help get this working. Cheers!

araff-r7 commented 3 years ago

Hi. Any update on this? This is causing issues on our end and we need a workaround. Thank you!

araff-r7 commented 3 years ago

Hi @jnewbigin , I just got a chance to get this working (mostly.) I'll make a PR shortly with some minor changes to the instructions I had to make to get this running.

One problem I'm having is that once I use ./lpass login --sso <email> the window pops up, redirects me to Okta, and lets me log in. Okta allowed me to sign in and accept the MFA prompt, but then the LaughPass Done... screen doesnt close out and the terminal command hangs without logging me in. I tested with ./lpass status and confirmed it does not finish the login process. Any ideas on this? Thanks for your continued help with this!!

This is still the issue. Just did a clean install and tested again on a new machine as well as my Mac. Now says "Finishing..." and hangs forever. Can we please have an update on this?

araff-r7 commented 3 years ago

Would you like me to open a new Issue so we can test and track progress?

jnewbigin commented 3 years ago

Hi, It has taken a while but I think I have things simplified a bit. My docs are still in progress - but I have pre-built binaries which should be working for mac users

Download lpass-sso-...-mac.zip from https://github.com/jnewbigin/lpass-sso/releases
Open a terminal
sudo ditto -xk --sequesterRsrc ~/Downloads/lpass-sso-...-mac.zip /Applications
export LPASS_PINENTRY=/Applications/lpass-sso.app/Contents/pinentry
Download lpass-mac from https://github.com/jnewbigin/lastpass-cli/releases/download/
chmod a+x cp ~/Downloads/lpass-mac
sudo cp ~/Downloads/lpass-mac /usr/local/bin/lpass

The export needs to be done in every terminal. I will prepare a step for setting that in .zshrc or .bashrc

I also plan to include lpass in the lpass-sso download so it should become a single download & install step.

https://github.com/jnewbigin/lastpass-cli/releases/download/v1.3.3/lpass-mac https://github.com/jnewbigin/lpass-sso/releases/download/v1.0.6/lpass-sso-1.0.6-mac.zip

farfromunique commented 3 years ago

What do Ubuntu users need to do? I was able to install the .deb package with apt, and lpass-sso brings up the window, login flow works, etc., but the window doesn't close.

Also, lpass login --sso <email> gives me:

login: unrecognized option '--sso'
Usage: lpass login [--trust] [--plaintext-key [--force, -f]] [--color=auto|never|always] USERNAME

farfromunique commented 2 years ago

Update: I re-installed everything and then downloaded the 4 changed files for your patch to lpass. re-install it, and now I have the --sso option. However, I can't seem to get past the "Finishing..." step in lpass-sso.