Two Factor Auth Not Sending Text Message

[jgable]

When using the gh create command to create a repo I am prompted for my username, then password, then a OTP code as expected but there is never a text message sent.

I raised the issue with Github support and got this response from @pengwynn:

Sorry for the confusion, this has bitten me more than a couple of times. To keep our SMS delivery fast for all 2FA users, the API only sends the OTP when sending a POST or PUT to the Authorizations API. The recommended approach is to use that API to create an OAuth access token that you can then use in the Authorization request header or like a password using Basic Auth.

I took a look at the code and it looks like what is happening is that the initial request for Authorizations is a GET request (the go-octokit authorizations.all() method is a GET), but does match a 2 factor error check so another POST or PUT request is never made to the Authorizations API.

So, it looks like something needs to make a subsequent PUT or POST request to the Authorizations API when a 2 factor error is detected.

[owenthereal]

@jgable Thanks for pointing that out. Yeah, this problem is solved in the gh branch of hub. The trick is to make a dummy request to trigger a 2FA SMS.

Please note that moving forward gh will be known as GitHub CLI. We're in the process of merging gh and hub. I could back port some fixes done on hub over to gh, if some of the problems are affecting current use of gh.

[shekibobo]

You create a token for your app (kind of like google's app-specific passwords) as outlined here. Generate yourself a token and use that instead of a password when logging in.

[owenthereal]

I have pulled in the fixes from hub.

[owenthereal]

Please try to compile gh from HEAD if you're using homebrew like this before I cut a release