amazon-archives/awsmobile-cli

awsmobile cli (seemingly?) does not support two factor auth

Opened this issue · 4 comments

I have been attempting to configure AWS mobile CLI to use two factor auth unsuccessfully. Also I am unable to find a definite answer in the documentation with regard to whether or not AWS mobilehub CLI actually supports two factor auth. So the first question, does it?

Following that if my assumption that it does not is correct this seems like a bad situation. The documentation to setup the awsmobile cli explicitly directs the user to use an account with admin level credentials for the AWS account https://docs.aws.amazon.com/aws-mobile/latest/developerguide/aws-mobile-cli-credentials.html. Because of this it seems even more important for awsmobile CLI to support two factor authentication (and provide good documentation for how to use it).

The awsmobile-cli itself does not support multi-factor authentication, because it is not very practical to wait for multi-factor authentication each time you execute a cli command.
But the amplify library auth category does support multi-factor authentication when you use it in your application.

@UnleashedMind

Hello and thank you for taking the time to reply. In most cases users are in fact not required to enter a two factor auth token on every request (although this is possible depending on configuration). Rather a user typically supplies a two factor auth token one time and is then returned an AWS access token which is valid for a configurable period of time. In my own case this means when using the standard AWS CLI (not AWS Mobile CLI) I provide a two factor auth code every N hours and while the token is valid I can use the AWS CLI normally without providing additional two factor auth tokens.

I would also add I don't think Amplify's support for two factor authentication is relevant to my particular question/feature request. Amplify's support for two factor authentication (as I understand it) allows me as a developer to require my users to input a two factor auth code to access my own application. In contrast I am suggesting two factor auth support should be added to the AWS Mobile CLI itself. In my opinion this would also make AWS Mobile CLI generally more consistent with other AWS software/services.

Given that AWS Mobile CLI does not currently support two factor authentication (and I think it should) should we relabel this issue as a "feature request" or similar instead of a "question"?

Thanks you again for your time and for this project. It has saved our team from an untold number of hours writing glue code!

cool, thank you very much for your feedbacks

I would like to throw in my support for this feature as well. All my programmatic users are required to use two factor auth on the CLI.