Jump to content

Recommended Posts

Posted (edited)

Hello,

i am in the process of writing PasswordState support for mRemote (https://github.com/mRemoteNG/mRemoteNG/pull/2591)

 

Authentication to the PasswordState API via APIKey and Winauth works fine. Turning on MFA requirement works fine as well - but only once. As the MFA code rotates every few minutes, the user would have to constantly update the new MFA code before doing subsequent API calls. This is inconvenient / not usable. 

 

a "simple" solution would be to add an additional authentication option: let's call it "token".

- the user does one initial API call to an "authentication" endpoint, providing API token and MFA or WinAuth and MFA as usual.

- the server responds with an auth token, valid for 4 hours (customizable)

- the user can now do subsequent API calls with the auth token.

 

could this functionality be added to the API? (or is it already there and i am not seeing it?)

thanks

Robert

Edited by RobertRo
link to github code commit
  • 3 weeks later...
Posted

+1

We are using a similar tool from Devolutions that already integrates with the Passwordstate API but without the MFA. We have asked them to add support for MFA, but the way PasswordState handles MFA in the API is a showstopper wrt usability.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...