Page MenuHomePhabricator

Let users generate 2FA tokens within Striker
Closed, DuplicatePublic

Description

Issue: Users who create LDAP accounts through Striker do not have the option to set 2FA tokens even though it is required for Horizon.

Steps to reproduce:

  1. Create a Wikimedia SUL account with no connection to LDAP.
  1. Use Striker to create an LDAP account.
  1. Try to log in to Horizon using your username and password.
  1. Be unable to proceed due to not being able to fill in the 2FA code.

Current workaround is to set up 2FA on Wikitech, but moving LDAP accounts away from Wikitech means we're better off moving this functionality.

Event Timeline

bd808 triaged this task as Low priority.Mar 9 2019, 12:13 AM
bd808 added a subscriber: bd808.

Doing this would require either:

  • adding an API to MediaWiki's OATHAuth extension that would let us manage 2FA tokens remotely

I am not against the OATHAuth extension being improved to support this, but I don't really see a strong business case to build such a feature except as a workaround for this problem.

This is definitely the better option, and something we want to do anyway for other reasons.