TimothyJones/github-cognito-openid-wrapper

Authenticating With GitHub MFA

Closed this issue · 1 comments

Hi Timothy

We're pretty much all up and running! Thanks again for contributing this project - it has helped us save time.

We have a scenario that has come up during testing where the authn flow for an account that has MFA enabled in GitHub returns a 500 after the creds are entered but before the token entry dialog is displayed. Both of these pages are hosted by GitHub. The authn flow works if MFA is not enabled on the GitHub account. And we can log in directly to GitHub outside of the SSO context with GitHub MFA enabled.

Here is the HAR export:

https://www.dropbox.com/s/p7nx2306ep3fbv4/github.com.har?dl=0

It's a long shot, but is it possible that the shim is crafting an authn request to GitHub such that, if MFA is involved in the flow, GitHub rejects the authn?

Cheers

Ben

Ah, this sounds like #24. I've never managed to get to the bottom of it (I think it is certainly a bug on one of their sides). See that issue for a workaround and discussion.