Add basic one-time password support #98

Closed
wants to merge 1 commit into from

alexmuller
Contributor

This commit adds really simple support for using a 2nd factor with API requests.

If the class is initialized with an otp option, this gem will try and get hold of a temporary token for the life of the instance.

I haven't written any tests for this yet - it'd be useful to know if this is something you'd consider or if you have any plans for adding token support to this client.

I'd love to make our usage of your API have 2 factor auth and getting this client to support it in even the most basic way would be really helpful.

This commit adds really simple support for using a 2nd factor
with API requests.

If the class is initialized with an `otp` option, this gem will try
and get hold of a temporary token for the life of the instance.
Member

thommahoney commented Sep 29, 2016

@alexmuller Thanks a lot for your PR.

Our API does have support for 2FA (via OTP) but only upon session sign-in and API credential generation. We believe that short-lived API credentials generated with a one-time-password would fulfill the requirements of our API consumers.

That said, the type of API credential I'm talking about differs from our widely-used API Key implementation. I'm referring to our API Tokens which identify a user and also have more granular scope than our API Keys. They also have optional expirations that would support that kind of use case I imagine you have in mind without prompting for a new OTP with each request.

We have documentation about Tokens here: https://docs.fastly.com/api/auth

Notice the section on two-factor-authentication which outlines the request semantics.

Unfortunately this library does not support the generation or destruction of tokens but that is a pull request that I would definitely accept.

Please let me know if you have any questions! And as always you can email support@fastly.com if you need to get ahold of us outside of a pull request.

thommahoney reopened this Sep 29, 2016
@thommahoney
Member

@alexmuller After re-reading what I wrote, I want to clarify why I closed this PR.

I would prefer to see Tokens managed as first-class objects of this library. That is, a create_token method would exist that accepts an OTP and also an expiration. Assuming that 20 minutes is enough time is inflexible and inevitably won't fit someone's use case.

At such a point in time that the library supports the creation of tokens, there wouldn't be any need to modify the authentication code as you have. You would be able to configure the library with a token in place of an API Key and everything would continue to work.

@alexmuller
Contributor Author

Absolutely, I'd love to see tokens as an object here too - this pull request was mostly just a minimum viable sketch of what we'd need because I don't have time to do that at the moment :)

Do you imagine the use looking something like this?

```ruby
@fastly = Fastly.new({ :user => 'username', :password => 'password' })
token = @fastly.create_token(:otp => '123456')
@fastly.api_key = token.access_token
@fastly.delete_token(token)
```

Here's where I'd like to use it: alphagov/fastly-configure#13
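
An added example, not code from this pull request or from the fastly gem: a sketch of the requests a `create_token` / `delete_token` pair would need, with the expiry left to the caller rather than fixed at 20 minutes. The method names, the `/tokens` and `/tokens/self` paths, the `Fastly-OTP` and `Fastly-Key` headers and the `expires_at` field are assumptions to check against the auth documentation linked above; the requests are only built, never sent.

```ruby
require 'net/http'
require 'uri'
require 'json'
require 'time'

TOKENS_URI = URI('https://api.fastly.com/tokens') # assumed endpoint

# Build (but do not send) the request that trades username, password and a
# one-time password for a token that expires after ttl_seconds.
def build_create_token_request(user:, password:, otp:, ttl_seconds:, now: Time.now)
  raise ArgumentError, 'ttl_seconds must be positive' unless ttl_seconds.positive?

  req = Net::HTTP::Post.new(TOKENS_URI)
  req['Fastly-OTP'] = otp.to_s # assumed header carrying the second factor
  req['Accept'] = 'application/json'
  req.set_form_data(
    'username'   => user,
    'password'   => password,
    'expires_at' => (now + ttl_seconds).utc.iso8601 # assumed field name
  )
  req
end

# Extract the token secret from the response body; fail closed if it is absent.
def access_token_from(body)
  token = JSON.parse(body)['access_token']
  raise 'no access_token in response' if token.nil? || token.empty?

  token
end

# Build the revocation request so the token does not outlive the job that
# asked for it, even if its expiry has not been reached yet.
def build_revoke_request(access_token)
  req = Net::HTTP::Delete.new(URI("#{TOKENS_URI}/self")) # assumed path
  req['Fastly-Key'] = access_token # assumed header for authenticating with the token
  req
end

# Constructed sample response, not real API output.
SAMPLE_RESPONSE = '{"id":"EXAMPLE_ID","access_token":"EXAMPLE_TOKEN",' \
                  '"expires_at":"2016-09-29T12:20:00Z"}'
```

Calling the revoke request from an `ensure` block keeps a failed run from leaving a live token behind.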
