Add app passwords #15

Closed
opened 2019-01-08 14:36:50 -07:00 by skylarmt · 0 comments
Owner

There is no good way to easily implement two-factor auth in app APIs that authenticate with a username and password.

We need to add a UI tool and database table for app passwords. It should work like Nextcloud's implementation, where a user can note what app/device the password is for, they see the password one time, and then in the future they can delete passwords if needed.

Modifying checkPassword() in User.lib.php should be enough to enable app passwords everywhere, although the web login flow should probably check for and refuse to accept app passwords.

There is no good way to easily implement two-factor auth in app APIs that authenticate with a username and password. We need to add a UI tool and database table for app passwords. It should work like Nextcloud's implementation, where a user can note what app/device the password is for, they see the password one time, and then in the future they can delete passwords if needed. Modifying `checkPassword()` in `User.lib.php` should be enough to enable app passwords everywhere, although the web login flow should probably check for and refuse to accept app passwords.
skylarmt added this to the Version 2.2 milestone 2019-01-08 14:36:50 -07:00
skylarmt self-assigned this 2019-01-08 14:36:50 -07:00
skylarmt added the
enhancement
label 2019-01-08 14:36:50 -07:00
Sign in to join this conversation.
No Milestone Version 2.2
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Business/AccountHub#15
No description provided.