Set Trusted Device

[m0urs]

I am wondering if there is a possibility to make the Python script act like it is a "Trusted device"? In this case it will not need the second factor only one time. This is possible with iOS App. Unfortunately I was not able to sniff the traffic from the mobile app (Certificate Pinning?) in order to find out which requests are made and the browser access does not have a possibility to set the browser as trusted device.

Any idea how to get that information?

[twrecked]

I would love to do this. I think there are 2 ways to do this:

• I register as a partner with Arlo and then you can authenticate against Arlo and get a long lived token - similar to Smartthing and IFTTT. I'd have to provide a web server for the re-direct but that's not a big issue. The problem here is I have no idea if the interface for IFTTT is the same as the web interface.

• They modify the web login to let the token last longer. In this case I can persist the token across restarts. This would be nice but I don't see it happening, maybe when they get rid of flash... I did play around with the login ordering when they changed to the new authentication system recently but couldn't get them to re-accept an old token. They have a new validate_token call so it might happen in the future. Saying that, there are a few combinations I didn't try.

As to how to find, I just usually play around with debugging in Chrome. I think getting at the iPhone and Android code would be difficult but that's not my area of expertise.

[m0urs]

Thanks! If you would find any solution until end of the year (they said they will then make 2FA mandatory for all accounts) that yould be really great. Let me know if I can do something. I have little (!) programming skills with Python ;-)

[m0urs]

As I now have a working solution where a re-login is only necessary from time to time, I do no longer need a setting for making it a trusted device. So, if you do not want to add that for yourself, you may close that issue. Thanks.