Pass OTP during login? (Powershell)

Hello,

Is it possible to pass the OTP to OP when signing into 1Password? I am attempting to automate our interactions with 1Password but wont be able to keep the session open and I am required to have 2FA enabled on my application account. I am able to pipe the password like so:

Invoke-Command -Scriptblock {$pass | ./op signin example [email protected] $secret}

Where $pass is the password value, but no matter how I try to pass a second value through, the command immediately throws the following error on displaying the prompt:

Enter your six-digit authentication code: [LOG] 2019/08/05 22:49:03 (ERROR) Incorrect One-Time Password length. Expected 6.

I've done some google-fu and found a forum where the users where having the problem using BASH and resorted to using the Expect command, but there is no Powershell equivalent. I just wanted to check whether this was expected behaviour before I go about recoding and replatforming :)

Thanks!


1Password Version: Not Provided
Extension Version: 0.5.7
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • graham_1Pgraham_1P

    Team Member

    Hey @ptype85,

    The OTP is consumed in a similar way to the password. How are you trying to pass in the second value? It should be the second prompt to type something in, right after the password.

    Also, as a non-Powershell user, can I assume Invoke-Command -Scriptblock[...] runs whatever is in the square brackets in a shell environment?

    Graham

  • Sadly they don't account for folks who would want to use the CLI in automation, which is our only hope since there's no SDKs. After years of saying no to MFA we finally have that, and now finally have broken saml. Maybe some day they'll mature, and I'll quit replacing it at companies with more mature solutions, but I digress.

    You'll have to wrap the login with something like expect, to pass in the OTP. Or use a library in your language of choise that can read from STDIN, so you can send the OTP to the CLI.

  • felix_1pfelix_1p

    Team Member

    @anonamouse: Entering the MFA token should only be necessary the first time you use op with a device / local user account. What issue are you experiencing?

This discussion has been closed.