Supporting String-Fields

[belaviyo]

KeePassHTTP allows string-fields transmission along with the username and password to the extension side. MacPassHTTP does not have this option at the moment. Is it possible to have this?

I am planning to support OTP in my KeePassHelper extension and we need to save the secret in the KeePass database and use the extension to generate OTPs. It works fine if a string-field is defined with otp key. https://github.com/belaviyo/keepass-macpass-helper/issues/4

[mstarke]

OTP support (HMAC/TOTP) is in the working so MacPass then can supply this, if you want to fall back to it. But if KeePassHTTP supports this it should be added to MacPassHTTP.

What I would strongly advise agains ist mixing OTP storage and other credentials as this defeats the purpose of 2FA.

[belaviyo]

But if KeePassHTTP supports this it should be added to MacPassHTTP.

Yes, both the official KeePass and KeepassXC support sending string-fields. This is super helpful to fill custom elements on the page.

What I would strongly advise agains ist mixing OTP storage and other credentials as this defeats the purpose of 2FA.

In the KeePassHelper extension, I do recommend users to use the "secure secret" mode. In this mode, user stores based64 SHA-256 encoded secrets in the KeePass database and whenever a token is about to generate, the user is prompted to enter the passphrase to decrypt the secret and generate the token; https://github.com/belaviyo/keepass-macpass-helper/blob/master/safe.js