Enable passing MFA TOTP without opening the browser #2752
AllanOricil started this conversation in Ideas
-
I'm not sure how that would work. The OTP check happens as part of the browser login flow. That login page is hooked to your org, which is where all the 2FA/SSO/policies/session stuff is controlled. AFAIK, there's not an authorization endpoint that the CLI can pass an OTP to. Let me know what endpoint you have in mind for this.
-
AWS CLI allows login with IAM users with MFA enabled without opening a browser. We can simply type:
Other CLIs have the same feature.
If sf CLI enables it, I can automate sf to request a TOTP from my esp32 MFA TOTP generator instead of manually typing it.
https://github.com/AllanOricil/esp32-mfa-totp-generator
Flow:
sfdx -> node-red -> esp32 -> sfdx -> salesforce -> successful login
You can replace the esp32 with any other external virtual MFA app running on any device. Node-RED is just a layer to protect which clients are authorized to access the device that takes care of generating TOTPs. In the future it could also work as passkey storage. Sfdx would ask the device for the passkey, not requiring any user interaction during programmatic logins.
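For reference on the flow discussed above, this is what a TOTP device computes and what a verifier checks when it receives the code. It is an added example, not code from the thread, from sf CLI, or from the esp32 project. The function names are hypothetical, and the SHA-1 / 30-second / 6-digit defaults are the RFC 6238 defaults, assumed here rather than confirmed for any particular service.

```python
import base64
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 code for the time step that contains `at` (Unix seconds)."""
    counter = struct.pack(">Q", max(int(at) // step, 0))
    mac = hmac.new(secret, counter, algo).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, at: float, step: int = 30,
           digits: int = 6, drift: int = 1) -> bool:
    """Verifier side: accept codes within `drift` steps of `at`.

    Every candidate is compared in constant time and the loop never exits
    early, so timing does not reveal which step (if any) matched.
    """
    ok = False
    for k in range(-drift, drift + 1):
        expected = totp(secret, at + k * step, step, digits)
        ok |= hmac.compare_digest(expected, code)
    return ok


def decode_base32_secret(text: str) -> bytes:
    """Enrollment secrets are usually displayed as unpadded, grouped base32."""
    cleaned = text.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


# Constructed sample: the RFC 6238 Appendix B SHA-1 test secret, not a real one.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = time.time()
    code = totp(RFC_SECRET, now)
    print("device would return:", code, "accepted:", verify(RFC_SECRET, code, now))
```

The only secret in this scheme is the shared key held by the device, which is why the access-control layer in front of the generator matters: any client that can ask the device for a code holds the second factor for as long as that access lasts.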