zdave / openconnect-gp-okta

OpenConnect wrapper which logs into a GlobalProtect gateway, authenticating with Okta

correct auth flow for token:* MFA #19

Closed jlevon closed 2 years ago

jlevon commented 2 years ago

We should just use the stateToken from the original user/pass auth, not attempt to post to the verify endpoint first.

This fixes at least token:hardware usage with a configured Yubikey.

Signed-off-by: John Levon levon@movementarian.org

jlevon commented 2 years ago

@zdave clearly not a proper fix, but this is the change I needed to fix issue #18 - is this because there's no challenge for this case? No idea if this will work for others but it does for me!

(Side thing - would you take a PR to add a question/response for choosing the MFA method? sometimes I push, sometimes I yubikey...)

zdave commented 2 years ago

> Side thing - would you take a PR to add a question/response for choosing the MFA method? sometimes I push, sometimes I yubikey...

I'd probably add an option to allow the priority for a factor to be specified explicitly? Like --factor-priority token:hardware 0 or something.

jlevon commented 2 years ago

> I'd probably add an option to allow the priority for a factor to be specified explicitly? Like --factor-priority token:hardware 0 or something.

ok, sounds fine, thanks.

jlevon commented 2 years ago

@zdave thanks - I tested this with push and my yubikey.

zdave commented 2 years ago

> > I'd probably add an option to allow the priority for a factor to be specified explicitly? Like --factor-priority token:hardware 0 or something.
>
> ok, sounds fine, thanks.

FYI I've just pushed a commit to implement this. --factor-priority token:hardware 9 should make it prefer the YubiKey factor.
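Added example (not code from openconnect-gp-okta or from either commenter) showing the two points of this thread together: selecting an MFA factor by an explicit priority like `--factor-priority token:hardware 9`, and, for `token:*` factors, reusing the stateToken from the primary username/password authn response in a single verify POST instead of first POSTing to the verify endpoint to request a challenge. The field and endpoint shapes (`stateToken`, `_embedded.factors`, `_links.verify.href`, `passCode`) are assumed from Okta's public Authentication API; the authn response is constructed.

```python
import json

# Factors that need an initial challenge POST (push notification, SMS, voice call).
# token:* factors (YubiKey OTP, TOTP) have no challenge step: the code is supplied directly.
CHALLENGE_FACTORS = {"push", "sms", "call"}

# Constructed sample of an Okta MFA_REQUIRED response (assumed shape, not captured traffic).
SAMPLE_AUTHN_RESPONSE = json.loads("""{
  "status": "MFA_REQUIRED",
  "stateToken": "00example-state-token",
  "_embedded": {"factors": [
    {"id": "opf1", "factorType": "push", "provider": "OKTA",
     "_links": {"verify": {"href": "https://example.okta.com/api/v1/authn/factors/opf1/verify"}}},
    {"id": "ykf2", "factorType": "token:hardware", "provider": "YUBICO",
     "_links": {"verify": {"href": "https://example.okta.com/api/v1/authn/factors/ykf2/verify"}}}
  ]}
}""")

# Hypothetical default ranking; higher wins. Overrides model --factor-priority TYPE N.
DEFAULT_PRIORITY = {"push": 5, "token:hardware": 3, "token:software:totp": 2, "sms": 1}


def pick_factor(authn, overrides=None):
    """Return the enrolled factor with the highest priority (overrides beat the defaults)."""
    prio = {**DEFAULT_PRIORITY, **(overrides or {})}
    factors = authn["_embedded"]["factors"]
    return max(factors, key=lambda f: prio.get(f["factorType"], 0))


def verify_request(authn, factor, passcode=None):
    """Build (url, json_body) for the factor's verify endpoint.

    token:* factors: one POST carrying the original stateToken plus the passcode.
    push/sms/call: a POST with only the stateToken asks Okta to issue the challenge;
    the actual verification (or polling) is a later request.
    """
    body = {"stateToken": authn["stateToken"]}
    ftype = factor["factorType"]
    if ftype.startswith("token:"):
        if passcode is None:
            raise ValueError(f"{ftype} needs a passcode; it has no challenge step")
        body["passCode"] = passcode
    elif ftype not in CHALLENGE_FACTORS:
        raise ValueError(f"unsupported factor type {ftype}")
    return factor["_links"]["verify"]["href"], body
```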

jlevon commented 2 years ago

ah, thanks, you beat me!