teleport/lib/auth/mocku2f
Andrew Lytvynov 81927a7f95
mfa: device management API (#5456)
Add 3 new RPCs for the auth server:
- AddMFADevice
- DeleteMFADevice
- GetMFADevices

All RPCs act on the user calling them, rather than specifying the user
in parameters. It's one less thing to validate and also prevents authz
bugs with one user messing with other users' MFA devices.

Add and Delete RPCs are streaming both ways, to allow MFA using an
existing device (prevents MFA bypass) and a challenge/response
registration used in U2F and TOTP. This approach makes the challenge
bound to the RPC connection and doesn't require backend storage.
2021-02-03 10:12:25 -08:00
..
mocku2f.go mfa: device management API (#5456) 2021-02-03 10:12:25 -08:00