-
Notifications
You must be signed in to change notification settings - Fork 179
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No attempt to use U2F Security Key #202
Comments
So no more U2F support in |
@chrisjaimon2012 #203 restores operation of SMS and TOTP 2FA, but not U2F. I did not write the previous U2F integration and am not quite sure how it worked, so maybe someone else can fix it. As far as I can tell, Google is switching to a JavaScript UI that is going to require something like Selenium to make U2F integration work, but I could be wrong. Personally I am leaning towards using aws-saml-capture-extension plus a shell script like this on the Mac: #!/usr/bin/env bash
aws-google-auth -k -p $0 --saml-assertion $(pbpaste) I would prefer someone fix aws-google-auth, but until then, this works better than the alternatives because, by using my real browser to log in, I have a reliable tool, I do not get asked for CAPTCHA or even 2FA that often, and since |
Another fallback option is to do something based on the https://g.co/sc one-time security codes. I have an initial support for that implemented in my https://github.com/andreaso/aws-google-auth/tree/wip/skotp-support branch, which builds on top of the #203 branch. |
Hmm.. I don't really think this one was closed by #203? @stevemac007? |
Looks like you are correct - this is back to the fact I don't have a device to test this with. |
@stevemac007: If you would like a Yubikey we can ship you one free of charge. |
This fixes a small issue from 77e7544 (cevoaustralia#206) where the code for handling the dual-prompt page was added, but the support for it wasn't added in the challenge-selection stage. This adds the `elif` clause neeeded to parse the dual prompt method. (Tested against 0.0.37 and login works successfully after this commit is applied.) Fixes cevoaustralia#202
Hi, any chance that volkangurel's PR can get merged soon? I can confirm that this works as a good alternative for Yubikey users. The user is asked to visit https://g.co/sc which gives them a one-time security code after verifying their Yubikey. |
I have a YubiKey U2F security key as my default MFA.
aws-google-auth
used to immediately use it when I logged in, but now it does not use it and instead prompts me to use a different MFA method.This appears to be caused by a change with Google's pages, but I do not fully understand how the U2F integration works. I can say when I look at the MFA challenge selector page given to
aws-google-auth
it says that the security key is "not supported on this device or browser".Update 1
On further investigation, it looks like U2F integration is switching to a JavaScript implementation. It may not be possible to support U2F without running JavaScript.
The text was updated successfully, but these errors were encountered: