Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication fails if two-factor auth is required #435

Closed
wichert opened this issue Nov 21, 2013 · 21 comments
Closed

Authentication fails if two-factor auth is required #435

wichert opened this issue Nov 21, 2013 · 21 comments
Milestone
1.11-stable

Comments

@wichert
Copy link

wichert commented Nov 21, 2013

I tried to use hub to create a pull request, but got an error:

$ hub pull-request -i 350
github.com username: wichert
github.com password for wichert (never stored): stty: standard input: unable to perform all requested operations

Error creating pull request: Unauthorized (HTTP 401)

This is most likely because I have github configured to require two-factor authentication. And indeed in the security history I see this:

image
@mislav
Copy link
Owner

mislav commented Nov 21, 2013

It might not be related to 2FA. In the output you pasted there is stty: standard input: unable to perform all requested operations, which I see for the first time and should not be shown. This points to the fact that your password might not have been collected correctly in the first place.

Can you give me more information about your system version and your shell?

@wichert
Copy link
Author

wichert commented Nov 21, 2013

This is an OSX 10.9/Mavericks system. The shell is bash 4.2.45. Both the shell and hub were installed via MacPorts.

@dasevilla
Copy link

I have the same issue with hub version 1.10.6 on OS X 10.9.

Here's what I did:

$ hub fork
github.com username: dasevilla
github.com password for dasevilla (never stored):
Error creating fork: Unauthorized (HTTP 401)

@jpfuentes2
Copy link

Confirmed this is an issue with 2FA. I received the exact same response @dasevilla pasted above.

I disabled 2FA temporarily, went back to try hub and authenticated successfully. I've re-enabled 2FA and am successfully using hub now.

@dasevilla
Copy link

Disabling 2FA, authenticating hub, and enabling 2FA worked for me as well.

@joelpurra
Copy link

I had the 401 issue with 1.10.6, because hub never asked for the 2FA code.

Using the source from the current HEAD, installed using homebrew's brew upgrade --HEAD hub, I got as far as hub asking for the 2FA code.

For some reason, github never sent me any 2FA code by sms when hub requested it, as noted in the security history. Solved it by opening a private browser window, heading to github.com and performing the first step of logging in on the website. Instead of using the new sms auth token on the website, I used it for hub.

Voilà, "oauth_access.create: hub (API)".

@mislav
Copy link
Owner

mislav commented Dec 2, 2013

Yeah, 2FA really seems kind of broken right now. I'll need to change the way hub authenticated completely to put an end to these and similar authentication woes. Right now, you can use GitHub's web interface to create a token manually that you can paste to ~/.config/hub:

---
github.com:
- oauth_token: TOKEN
  user: mislav

@cyrusstoller
Copy link

@mislav where do you create the token?

@fuadsaud
Copy link

@cyrusstoller https://github.com/settings/applications

@afeld
Copy link

afeld commented Dec 11, 2013

@mislav Couldn't the flow change to

$ hub fork
Are you using Two-Factor Authentication on github.com? [yN]: y
github.com username: afeld
github.com personal access token (generate at https://github.com/settings/applications): 123456

?

@mislav
Copy link
Owner

mislav commented Dec 11, 2013

@afeld Detecting whether 2FA is enabled for your account is not the problem. However, I have other problems related to 2FA that I need to sort out. Expect an update soon

@afeld
Copy link

afeld commented Dec 11, 2013

Even a warning after a 401 like "See #435 if you have 2FA enabled" would be an improvement in the short term. Just so that people don't throw up their hands and walk away from it.

@hkdobrev
Copy link

This is very similar to how Composer (PHP dependency manager) handles GitHub 2FA. Here's the related discussion: composer/composer#2280 Still not resolved.

mislav added a commit that referenced this issue Dec 18, 2013
@mislav
Fix 2FA for users that receive code via SMS
3d29989 
hub initially tries to fetch user's existing OAuth token for hub if it
exists, and will prompt the user for a 2FA code. However those who
receive it via SMS would never get the code since a GET to GitHub's
Authorizations API purposely doesn't trigger an SMS. There's some
discussion as to whether this is an API bug for not, but in the
meantime, make a dummy POST request for the sole reason of triggering
the SMS.

Fixes #412, closes #435, closes #445
@mislav mislav closed this as completed in e70f7ba Dec 19, 2013
@pwaller pwaller mentioned this issue Feb 20, 2014
Closed
@hkdobrev hkdobrev mentioned this issue Feb 24, 2014
Closed
@jordansissel jordansissel mentioned this issue Feb 26, 2014
Closed
@jeppenejsum jeppenejsum mentioned this issue May 19, 2014
Merged
@weakish weakish mentioned this issue Nov 4, 2014
Closed
@krzychukula krzychukula mentioned this issue Nov 13, 2014
Closed
@mislav
Copy link
Owner

mislav commented Jan 7, 2015

@lawipac Composer has had 2FA support for many months now. However, this project is not Composer nor related to it at all. So, it's not an appropriate place to rant about your troubles with using Composer. If you need to report a bug to them, go to their issue tracker.

@ferllings ferllings mentioned this issue Jun 10, 2015
Closed
@KaranKamath KaranKamath mentioned this issue Sep 15, 2015
Open
@rschuster3
Copy link

In case Google search brings anyone else to this thread: I had this issue today with not being able to login via Git Shell until I disabled 2FA. A coworker suggested using a personal access token for specific apps to prevent this from happening in the future. https://help.github.com/articles/creating-an-access-token-for-command-line-use/

Does that sound about right?

@mislav
Copy link
Owner

mislav commented Oct 19, 2015

@rschuster3 Were you using hub or just plain git push/pull/clone? Where did you put the token?

@rschuster3
Copy link

Just plain git push/pull/clone. I haven't made the token yet (since I was able to authenticate after I disabled 2FA) but it's on my to-do list for today.

@fslone-nomi
Copy link

just did it myself. Create the token and enter it just as you would your password when signing in via Git Bash and you're good to go.

@rschuster3
Copy link

All righty, I'll go ahead and set it up now. The shell is oddly asking me to authenticate again for a push I want to make. I say "oddly" because I'm not asked to authenticate normally. Will post here again if I have issues with the token. Thanks!

@fslone-nomi
Copy link

might want to look into caching you credentials to help with that

https://help.github.com/articles/caching-your-github-password-in-git/

@corlaez
Copy link

corlaez commented Dec 20, 2017

The link provided by @rschuster3 works perfectly for my git kraken pulls issues after setting up 2 factor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.11-stable
Development

No branches or pull requests