Support for yubikey or google titan? #135

Closed
Colgaton opened this issue Jun 12, 2019 · 7 comments

@Colgaton

I have the Google Titan key set up for MFA and I'm getting the following error. Any plan to support it?

ERROR:root:No JSON object could be decoded
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 72, in cli
    process_auth(args, config)
  File "/usr/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 212, in process_auth
    google_client.do_login()
  File "/usr/lib/python2.7/site-packages/aws_google_auth/google.py", line 259, in do_login
    sess = self.handle_sk(sess)
  File "/usr/lib/python2.7/site-packages/aws_google_auth/google.py", line 364, in handle_sk
    challenges = json.loads(challenges_txt)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

@mfulleratlassian

mfulleratlassian commented Jun 12, 2019

I took some time to look at this today. It appears that at some point/in some setups the input form element (name="id-challenge") returns JSON, but it does not return JSON when using a YubiKey.

Redacted example:

<input jsname="wCVnAe" name="id-challenge" type="hidden" value="<redacted>qLBl7hmVSRt3KzgRMzKaqkwn68XK2tD5JFeqxVDA4jLIxIo4/3dtIL/yrzzcyhZspU19def7AN9crpReSk0Xk53JGrLqdq1Oq6iFd+gdem4WXM+qMwuC7XU5hzpE5bnzD5+WJg6uvSZY/v0SODOhpT16rkq2U20GaZIQnUqpX2K34UrUaAqssmXpMsMa/2NhtkJ0W1ITzhcCx3ebxh2tdCQkJF5BB0ifxFVHF2WL1Sa7Hl3zQdVR8sjFOxvfHm7M7DoaQ4B5dtlZpzTTZ6WEA96lGy/nD4FfzcUyj/Q1CrFtak2aL7HrHg4qSmEH/ReYtEuYOGExuZ03UgVAVaRAwDKBoKlNSn8t3ZWUlCf/sYk2zUSm6E518YpRvlp8MQSmFV43pxzUA7IH4o/RV9NN7f8Qi2d7hlkBzhBywrdet4jn+PLeT1JHh1VU="/>

This value base64 decodes to binary which does not represent anything obvious to me. Without an understanding of how to decode/translate this challenge, which I am unfamiliar with, it is impossible to create the needed data for the u2f function calls to sign the challenge.

If anyone has any ideas?

@zsiddique

I am seeing this same issue but using a Pixel 2 as the u2f device. So it's not just exclusive to YubiKey.

@mhumeSF

mhumeSF commented Jun 13, 2019

dupe #128

@adcreare
Contributor

So I've worked through what was going on here. Short story: there is a PR that works for me - keen for feedback to see if this works for others: #136. See #128 for the longer story.

@mhenniges

Hi @stevemac007, sorry to be a squeaky wheel about this; the latest version of @adcreare's PR 136 #136 seems to work for everybody now. Are you comfortable merging this in? I'm eager to roll this out to my users but need this fix in for them first.
Thank you for everything!

@ruimarinho
Contributor

Working fine for me as well.

@stevemac007
Contributor

Merged and released as part of v0.0.32
