Comments (3)
I might need to dig a little deeper.
Yeah, the Personal Token API is a bit weird, I had some exchange with support as well:
[snip] I believe we intentionally send 2FA OTPs via SMS only for PUT and POST requests to the authorizations API. Normally, you'd use a PUT or a POST to create a token, and then continue using that token for making API requests. Once you're done with the token -- you can revoke it via the web UI. Again, I agree it would be great if DELETEs sent an SMS as well, so I've opened an internal issue to see if we'd consider changing that. I can't promise an ETA, but we'll follow up as soon as there's any news. For now, if you need an SMS for any API call -- you can trigger it with a POST to the authorizations API and then use the OTP for the call you really want to make.
So IIRC, the OTPs are short-lived, but you can use them for 2 different requests, and can basically make a "fake" request that will just trigger the OTP to be sent, and then do your real requests.
My guess is that personal access tokens are 2nd-class citizens, and that's understandable, as they are inherently less secure than OAuth tokens, and that the GitHub docs are mostly targeted at online services hooking up into GitHub (hence the response, 2FA SMS only for token requests, which might be true). Though the personal access tokens are technically logging in as you, who are trying to do something on your repo, and not as an entity doing something on your behalf.
Anyway, I might give that a go at some point. I also have a YubiKey in some drawer; I should dig that out to see how it can be used for 2FA.
from gitsome.
Interesting, appreciate the info and code snippet.
I thought this wasn't do-able due to this issue: sigmavirus24/github3.py#387:
"If you're using Basic Auth to authenticate and are using 2FA with SMS, the API will send 2FA SMSes with OTPs only for API requests to create tokens. This allows you to use the Authorizations API to create an OAuth token. If you're using other APIs and have 2FA enabled, you should authenticate using an OAuth token (instead of with username+password) because using an OAuth token doesn't require you to enter an OTP when making API calls."
I might need to dig a little deeper.
Note, the following message is unclear:
I think you're right, I'll try to improve that message.
Thanks!
from gitsome.
Associated PR: #29
from gitsome.