Add app passwords #15
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
There is no good way to easily implement two-factor auth in app APIs that authenticate with a username and password.
We need to add a UI tool and database table for app passwords. It should work like Nextcloud's implementation, where a user can note what app/device the password is for, they see the password one time, and then in the future they can delete passwords if needed.
Modifying
checkPassword()
inUser.lib.php
should be enough to enable app passwords everywhere, although the web login flow should probably check for and refuse to accept app passwords.