CLI always requires authentication code

razorsedge
razorsedge
Community Member

I am using the op CLI and I also have two-factor authentication enabled. Every time I authenticate to op, it asks for the authentication code. This gets annoying quickly and does not help in my quest to automate CLI signin.

$ op signin YYY
Enter the password for XXX at YYY.1password.com:
Enter your six-digit authentication code: 

Is there a way to convince op that it is running on the same host similar to the way the 1password application and browser extensions do?

$ op --version
0.5.4

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: OSX 10.13.6
Sync Type: Not Provided

Comments

  • cohix
    cohix
    1Password Alumni

    @razorsedge unfortunately the CLI has something of an "incomplete" implementation of 2FA, only in that it does not persist the 2FA secret after the first authentication. All the other apps persist this secret, allowing them to do 2FA "silently" in the background, but that has not yet been implemented on the CLI. It's something we look to do in the future, but I can't give a timeline on when it will be available.

  • woakas
    woakas
    Community Member

    Hi, any update about this feature?

  • cohix
    cohix
    1Password Alumni

    @woakas Yes, this is something I've written the code for, but it has been put on hold due to some other more pressing matters. Rest assured it will come :)

  • woakas
    woakas
    Community Member

    Haha, I know, let me know when you can release this feature, thanks.

  • cohix
    cohix
    1Password Alumni

    @woakas Keep an eye on this forum :)

  • Moritz_
    Moritz_
    Community Member

    I had blinked once or twice since but haven't noticed any news on this yet. ;-)

  • mickael
    mickael
    Community Member
    edited May 2019

    @Moritz_ I agree this is annoying.

    I have written some little shell scripts to access the 2FA more quickly, they are designed for MacOs but could be easily ported to any system I guess. I have assigned them on a button of my MBP TouchBar but you can use them with a shortcut or what you want:

    $HOME/bin/totp2.py $(gpg --quiet --decrypt encrypted_file_with_2FA_key ) | pbcopy
    

    If you are confident of keeping your 2FA key decrypted and/or don't want to bother with gpg, you can simply:

    $HOME/bin/totp2.py PUT_YOU_2FA_KEY_HERE | pbcopy
    

    and the totp2.py is as simple as

    #!/usr/local/bin/python3
    import pyotp
    import sys
    
    totp = pyotp.TOTP(sys.argv[1])
    print(totp.now())
    

    Be sure to have installed the pyotp library globally with something like PIP_REQUIRE_VIRTUALENV="" pip install pyotp

  • Hah. That's a pretty awesome workaround, mikael.

    This is an issue that we still want to see fixed on our side. Hopefully soon we start rolling out CLI releases again.

    Rick

  • mickael
    mickael
    Community Member

    If a moderator can delete this message and edit my previous message and remove "especially due to the fact that the sessions are closed every 30 minutes when using multiple accounts." as this is not true ;) thx

  • Edited per your request Mickael.

  • Moritz_
    Moritz_
    Community Member

    This is an issue that we still want to see fixed on our side. Hopefully soon we start rolling out CLI releases again.

    Yeah I get that the CLI is the most niche 1P product in terms of install base by customers. Though for folks like me who work primarily on Linux based systems + on a Shell most of the times this really would be something nice to get fixed.
    So I do understand it can take some time but I just wanted to make sure that there is some visibility on it.
    Have a good week y'all.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Totally. Thanks for your feedback! While our current focus is getting the CLI app out of beta, there are still a lot of features and enhancements we're anxious to add in future updates. :)

  • lrosenman
    lrosenman
    Community Member

    I'm interested in this as well (0.5.7 still prompts every signin).

  • cohix
    cohix
    1Password Alumni

    The CLI is going to be more of a focus for my team fairly soon, so keep your eyes out :)

This discussion has been closed.