android-app icon indicating copy to clipboard operation
android-app copied to clipboard

Published 20 hours ago verified publisher icon wallabag

Two-factor authentication (2FA) support

Open di72nn opened this issue 7 years ago • 6 comments

The app does not support 2FA (not relevant for wallabag v1.9).

Also maybe add a notice somewhere about 2FA not being supported in the meantime.

di72nn avatar Nov 30 '16 09:11 di72nn

note that this is related to a bunch of other issues. #203, as mentionned, but also #291 and #292.

symptoms of this problem include "Wallabag service not found" errors and receiving a 2FA code when trying to login through the app.

anarcat avatar Nov 30 '16 14:11 anarcat

There is a hint in the documentation w.r.t. missing 2fa: http://doc.wallabag.org/en/master/user/android.html#two-factor-authentication-2fa

Strubbl avatar Nov 30 '16 16:11 Strubbl

I just bumped into this, it would be cool to support. A better error message would be helpful too :)

axilleas avatar Dec 14 '17 09:12 axilleas

Hey @di72nn & @Strubbl, in 2019, what are the plans for 2FA support in the Android application? Is there anything particular blocking this feature/improvement being added?

ChrisCarini avatar Mar 29 '19 04:03 ChrisCarini

The thing is the app currently uses two ways to communicate with the server:

  • It makes HTTP requests and parses HTML responses to log into wallabag and to generate API credentials. This part is protected with 2FA.
  • After that the app uses the API credentials to actually function. This is not affected by 2FA.

Implementing 2FA support would require to further complicate the first part. The problem is that the app shouldn't be doing that part at all: there should be a different way of getting API credentials. So implementing 2FA at this point would be like creating a crutch for a crutch.

My memory is somewhat hazy on the matter, but as a workaround one probably can disable 2FA for the first setup, then after confirming that the app functions ok, enable 2FA again.

di72nn avatar Mar 29 '19 10:03 di72nn

Hey @di72nn ,

Thanks for the detailed response - this makes a lot of sense. A secondary thought then; would it be possible for the app to instead prompt for API credentials (that the user can create via the web UI)? It may not be as great of an experience compared to simply logging in and entering the 2FA, but it might be a good-ish middle ground for the time being.

In the mean time, your workaround worked great for me! Thank you! The app is great! :)

Best, Chris

ChrisCarini avatar May 27 '19 20:05 ChrisCarini