Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate /webapi/ssh/certs + Use 2-step MFA login flow for Teleport Connect #47153

Merged
merged 7 commits into from
Oct 4, 2024
Merged

Deprecate /webapi/ssh/certs + Use 2-step MFA login flow for Teleport Connect #47153

merged 7 commits into from
Oct 4, 2024

Conversation

Joerger
Copy link
Contributor

@Joerger Joerger commented Oct 3, 2024
edited
Loading

Deprecate /webapi/ssh/certs in favor of /webapi/mfa/login/begin+finish and new /webapi/headless/login endpoints.

Now that MFA cannot be disabled or made optional, we can always use the mfa login flow. This allows us to make clients stupider - remove a bunch of second_factor switches and instead just use whatever MFA challenge the server provides.

This also results in an arguably nicer 2-step login flow for OTP, matching the current Webauthn flow. See this slack thread for discussion + new Teleport Connect demo.

Changelog: Use 2-step OTP login flow for Teleport Connect.

@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 3, 2024

The PR changelog entry failed validation: Changelog entry not found in the PR body. Please add a "no-changelog" label to the PR, or changelog lines starting with changelog: followed by the changelog entries for the PR.

@Joerger Joerger changed the title Deprecate /webapi/ssh/certs Deprecate /webapi/ssh/certs + Use 2-step MFA login flow for Teleport Connect Oct 3, 2024
zmb3
zmb3 approved these changes Oct 3, 2024
View reviewed changes
lib/client/api.go Outdated Show resolved Hide resolved
lib/client/api.go Outdated Show resolved Hide resolved
lib/client/api.go Outdated Show resolved Hide resolved
@Joerger Joerger mentioned this pull request Oct 3, 2024
Closed
@Joerger Joerger force-pushed the joerger/deprectate-password-login-endpoint branch from c7bc384 to 515cd9b Compare October 4, 2024 01:00
@Joerger Joerger force-pushed the joerger/deprectate-password-login-endpoint branch from 515cd9b to 20d569d Compare October 4, 2024 01:01
@Joerger Joerger added this pull request to the merge queue Oct 4, 2024
Merged via the queue into master with commit 3e7f07f Oct 4, 2024
43 checks passed
@Joerger Joerger deleted the joerger/deprectate-password-login-endpoint branch October 4, 2024 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zmb3 zmb3 zmb3 approved these changes

@rosstimothy rosstimothy rosstimothy approved these changes

Assignees
No one assigned
Labels
size/sm ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Joerger @zmb3 @rosstimothy