[docs] Add page on Multi-factor Authentication #14572
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jamesorlakin
force-pushed
the
feature/mfaDocumentationPage
branch
from
c96b60c to
7f83171
Compare
|
The API can still be used with 2FA by setting the The docs mention this in API Usage. |
GiteaBot
added
the
lgtm/need 2
|
Aah yes, I didn't spot that! I guess this still applies for the Git CLI though? |
|
Yes, currently over HTTP/S you would need an app token (or SSH). |
6543
reviewed
Feb 5, 2021
| > It must be kept secure and should only be used as a last resort. | ||
|
|
||
| The Gitea API supports providing the relevant TOTP password in the `X-Gitea-OTP` header, as described in [API Usage](https://docs.gitea.io/en-us/api-usage). | ||
| This should be used instead of an access token where possible. |
There was a problem hiding this comment.
as api is for automation ... it's more secure to use a token than basic-auth + TOTP!
you only have to make sure to name access token on creation properly and only use it for one thing! (CI, GitNex, ...)
There was a problem hiding this comment.
so you can precicely add and remove access application level based ...
bagasme
reviewed
Feb 6, 2021
| ## MFA Considerations | ||
|
|
||
| Enabling MFA on a user does affect how the Git HTTP protocol can be used with the Git CLI. | ||
| This interface does not support MFA, and trying to use a password normally will no longer be possible whilst MFA is enabled. |
There was a problem hiding this comment.
did you mean Git CLI doesn't support MFA?
|
@jamesorlakin Are you still interested in this PR? If so, could you update it, as we recently changed our documentation system? This would involve a new file location and some changes inside frontmatter. |
denyskon
added
issue/needs-feedback
GiteaBot
removed
the
giteabot/update-branch
pull-request-size
bot
added
the
size/M
|
Some contents are outdated, maybe we need to create a new PR or update this one. |
Merged
|
replaced by #26654 |
techknowlogick
added a commit
that referenced
this pull request
Aug 23, 2023
copy and modified from #14572 > Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token. I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
Merged
GiteaBot
pushed a commit
to GiteaBot/gitea
that referenced
this pull request
Aug 23, 2023
copy and modified from go-gitea#14572 > Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token. I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used. --------- Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
techknowlogick
added a commit
that referenced
this pull request
Aug 23, 2023
Backport #26654 by @lunny copy and modified from #14572 > Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token. I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Whilst debating enforcing MFA within our team, I realised there isn't a lot of context to the side effects of enabling it. Most of us use Git over HTTP and would need to add a token.
I plan to add another PR that adds a sentence to the UI about needing to generate a token when enabling MFA if HTTP is to be used.