Two-factor authentication (2FA) support

wallabag / android-app

Android application to read your articles saved in your wallabag. You can also easily add new articles.

https://www.wallabag.org

GNU General Public License v3.0

470 stars 260 forks source link

Two-factor authentication (2FA) support #359

Open di72nn opened 7 years ago

di72nn commented 7 years ago

The app does not support 2FA (not relevant for wallabag v1.9).

Also maybe add a notice somewhere about 2FA not being supported in the meantime.

anarcat commented 7 years ago

note that this is related to a bunch of other issues. #203, as mentionned, but also #291 and #292.

symptoms of this problem include "Wallabag service not found" errors and receiving a 2FA code when trying to login through the app.

Strubbl commented 7 years ago

There is a hint in the documentation w.r.t. missing 2fa: http://doc.wallabag.org/en/master/user/android.html#two-factor-authentication-2fa

axilleas commented 6 years ago

I just bumped into this, it would be cool to support. A better error message would be helpful too :)

ChrisCarini commented 5 years ago

Hey @di72nn & @Strubbl, in 2019, what are the plans for 2FA support in the Android application? Is there anything particular blocking this feature/improvement being added?

di72nn commented 5 years ago

The thing is the app currently uses two ways to communicate with the server:

It makes HTTP requests and parses HTML responses to log into wallabag and to generate API credentials. This part is protected with 2FA.
After that the app uses the API credentials to actually function. This is not affected by 2FA.

Implementing 2FA support would require to further complicate the first part. The problem is that the app shouldn't be doing that part at all: there should be a different way of getting API credentials. So implementing 2FA at this point would be like creating a crutch for a crutch.

My memory is somewhat hazy on the matter, but as a workaround one probably can disable 2FA for the first setup, then after confirming that the app functions ok, enable 2FA again.

ChrisCarini commented 5 years ago

Hey @di72nn ,

Thanks for the detailed response - this makes a lot of sense. A secondary thought then; would it be possible for the app to instead prompt for API credentials (that the user can create via the web UI)? It may not be as great of an experience compared to simply logging in and entering the 2FA, but it might be a good-ish middle ground for the time being.

In the mean time, your workaround worked great for me! Thank you! The app is great! :)

Best, Chris

tasmo commented 1 month ago

In the first start wizard is no way to set up with client ID and secret. i always get an error.

di72nn commented 1 month ago

@tasmo you don't need to go through the wizard - just leave it (by pressing "back" or "skip") and manually set up the credentials in settings.