No attempt to use U2F Security Key #202
Comments
|
So no more U2F support in |
|
@chrisjaimon2012 #203 restores operation of SMS and TOTP 2FA, but not U2F. I did not write the previous U2F integration and am not quite sure how it worked, so maybe someone else can fix it. As far as I can tell, Google is switching to a JavaScript UI that is going to require something like Selenium to make U2F integration work, but I could be wrong. Personally I am leaning towards using aws-saml-capture-extension plus a shell script like this on the Mac: #!/usr/bin/env bash
aws-google-auth -k -p $0 --saml-assertion $(pbpaste)I would prefer someone fix aws-google-auth, but until then, this works better than the alternatives because, by using my real browser to log in, I have a reliable tool, I do not get asked for CAPTCHA or even 2FA that often, and since |
|
Another fallback option is to do something based on the https://g.co/sc one-time security codes. I have an initial support for that implemented in my https://github.com/andreaso/aws-google-auth/tree/wip/skotp-support branch, which builds on top of the #203 branch. |
|
Hmm.. I don't really think this one was closed by #203? @stevemac007? |
|
Looks like you are correct - this is back to the fact I don't have a device to test this with. |
|
@stevemac007: If you would like a Yubikey we can ship you one free of charge. |
This fixes a small issue from 77e7544 (cevoaustralia#206) where the code for handling the dual-prompt page was added, but the support for it wasn't added in the challenge-selection stage. This adds the `elif` clause neeeded to parse the dual prompt method. (Tested against 0.0.37 and login works successfully after this commit is applied.) Fixes cevoaustralia#202
|
Hi, any chance that volkangurel's PR can get merged soon? I can confirm that this works as a good alternative for Yubikey users. The user is asked to visit https://g.co/sc which gives them a one-time security code after verifying their Yubikey. |
I have a YubiKey U2F security key as my default MFA.
aws-google-authused to immediately use it when I logged in, but now it does not use it and instead prompts me to use a different MFA method.This appears to be caused by a change with Google's pages, but I do not fully understand how the U2F integration works. I can say when I look at the MFA challenge selector page given to
aws-google-authit says that the security key is "not supported on this device or browser".Update 1
On further investigation, it looks like U2F integration is switching to a JavaScript implementation. It may not be possible to support U2F without running JavaScript.
The text was updated successfully, but these errors were encountered: