Replies: 1 comment 1 reply
Sounds like a lot of client-side changes. Which are not part of this repo.
When 2FA is enabled on a vault or organization, every time a user logs in to the browser extension they need to use both a username/password and 2FA.
Suggestions:
a) generate an API key for each vault that the user needs to register when they set up the browser extension
b) have the browser extension generate an API key that the vault admin needs to approve to authenticate the browser extension (better management). API key management is already there in the Vaultwarden server, e.g. like Syncthing and Linkding use to authenticate clients
Outcome:
The user can log in to the browser extension using just a username/password. But if the user logs in to the webpage/web vault they need to use both a username/password and 2FA. The user cannot log in to the browser extension if the API key is not authenticated.
Related posts:
I was only able to find somewhat related posts
#4241