New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
github basic authentication does not support 2FA #669
Comments
Thanks @jtrinklein that’s definitely something we should cover, it won’t be easy with the current API ... The first thought would be to add another param to github.authenticate({
type: 'basic',
username: process.env.USERNAME,
password: process.env.PASSWORD,
code: twoFactorAuthCode
}) Would that help? Any other ideas? I’ll ask the other Octokit maintainers how they handle it right now |
That's exactly what I was thinking. I can't really see a better way around it at this time. It would definitely be enough for my use case anyway. |
Actually I'm not sure that would work... After the first use the code would become invalid. It would need to do something like detect that |
Yeah this is not ideal. I’ll have to experiment with it. Creating an access token with the basic + 2FA code is what GitHub recommends to do, it’s currently not well covered by the APIs. But you can pass custom headers to the API calls const GitHub = require('.')
const client = new GitHub()
client.authenticate({
type: 'basic',
username,
password
})
const {data: {token} = await client.authorization.create({
note: 'funky',
headers: {
'x-github-otp': twoFactorCode
}
})
client.authenticate({
type: 'token',
token
}) Does that work for you? |
Yes, that will work. Thank you. |
@colinrymer as a follow up to octokit/discussions#11 (comment) The latest
On the next request it would get a token using Does that make sense? I'd love folks to experiment with these APIs to see if the work well with common use cases. |
Hi @gr2m what can I help you to make this into a release asap? :) |
@zeidlos thanks for your help! The best thing to do right now would be to create a plugin that implements a new method such as Sounds good? |
The latest news on this is that I plan to add proper support for 2FA authentication with const clientWithAuth = new Octokit({
auth: {
username,
password,
async on2Fa () {
// ask user for 2FA code here and resolve with the code
}
}) Internally, Would that work for all your usecases? |
Today I thought why wait for v17 if we can just do octokit.authenticate({
type: 'basic',
username: 'yourusername',
password: 'password'
on2fa () {
// must return or resolve with a two-factor code
}
}) so here we go: https://github.com/octokit/rest.js#authentication 🎉 |
🎉 This issue has been resolved in version 16.10.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
If a user has 2FA enabled, the authenticate() call will fail. This example will reproduce the issue:
This will fail with the following error:
Github documentation for working with two factor authentication says:
✏️ Forgot to specify you need to make an actual API request for the authentication failure to manifest.
The text was updated successfully, but these errors were encountered: