Feature request: limit login attempts with sf_auth

[vancelopez]

I use the sf_auth with the RStudio password api so that I don't have to hardcode my password in the script.

sf_auth(
  username = "",
  password = rstudioapi::askForPassword("Please enter your password"),
  security_token = "",
  verbose = TRUE
)

The issue is that the entry field is masked and sometimes I will type my password incorrectly. When this happens, sf_auth will reattempt login multiple times. SF will lock my account due to the number of incorrect attempts.

Can an argument in sf_auth for number of login attempts be added?

Many thanks. This is a fantastic package.

[StevenMMortimer]

Thanks @vancelopez! – I'll take a look, but I might de-prioritize now that Salesforce is requiring customers to use multi-factor authentication (MFA) (announcement link). The switch to MFA means that users will not be able to log into the Salesforce APIs using a username, password, and security token. Rather, they will need to generate an OAuth token interactively via the browser or some other means. I'm less familiar if there are service account tokens for Salesforce like Google's APIs allow developers to generate.

[vancelopez]

Thanks for having a look! Makes sense to not prioritize. Though, I'm not certain about the type of login used by sf_auth(), but it does appear certain API logins are exempt from MFA. https://help.salesforce.com/s/articleView?id=000352937&type=1 Thanks for the great work.  Sent from Yahoo Mail on Android On Mon, Mar 7, 2022 at 2:23 PM, Steven M. ***@***.***> wrote: Thanks @vancelopez! – I'll take a look, but I might de-prioritize now that Salesforce is requiring customers to use multi-factor authentication (MFA) (announcement link). The switch to MFA means that users will not be able to log into the Salesforce APIs using a username, password, and security token. Rather, they will need to generate an OAuth token interactively via the browser or some other means. I'm less familiar if there are service account tokens for Salesforce like Google's APIs allow developers to generate. — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you were mentioned.Message ID: ***@***.***>

[StevenMMortimer]

@vancelopez Great find. I don't quite understand the phrase "human login" because I don't see a definition of what that means anywhere, but your hunch might be correct that if you're logging into the API via security token (along with username and password) that is probably not a human login because there isn't a place for a human to type in their security token on the login screen. I would assume that is a programmatic/non-human login.

[StevenMMortimer]

Closing because I believe the better way is not to type a password in each time. Alternatives are to store in a local file or use interactive MFA authentication which stores credentials in a file in the working directory.