Re: 2FA prototype

2025-05-19 Thread Greg Stein
Hi Peter, Apologies for not seeing this on the Subversion dev@ list when you first brought it up. Generally speaking, 2FA solutions along this set of requirements use a "Bearer token" which is then placed into the Authorization: header. (sometimes referred to as a Personal Access Token (PAT)). T

Re: 2FA prototype

2025-05-19 Thread Peter Balogh
Hi, Thanks, in this case, how would you authenticate using a browser? Best regards, Peter

On 2025. 05. 19. 12:37, Greg Stein wrote:
> Hi Peter, Apologies for not seeing this on the Subversion dev@ list when you first brought it up. Generally speaking, 2FA solutions along this set of requirem

Re: 2FA prototype

2025-05-19 Thread Greg Stein
Using an OAuth-based workflow that incorporates 2FA. That is already possible. What is *really* hard is to incorporate 2FA into the svn client/libraries. The most straightforward is to use bearer/PAT tokens, as it requires client changes. It might be possible to construct an svn client auth provid

Re: 2FA prototype

2025-05-19 Thread Greg Stein
[clarifying]

On Mon, May 19, 2025 at 12:28 PM Greg Stein wrote:
> Using an OAuth-based workflow that incorporates 2FA. That is already
> possible.

I've already seen this done.

> What is *really* hard is to incorporate 2FA into the svn client/libraries.
> The most straightforward is to use b

Re: 2FA prototype

2025-05-19 Thread Peter Balogh
Hi, So an OAuth based 2FA auth flow would result in a cookie in the browser. Why don't we extend SVN to handle the same flow? Can you please explain, in your view, how is a session id that we communicate via Cookie headers different from a Bearer token? As far as I know (I don't have any RFC p

Re: 2FA prototype

2025-05-19 Thread Branko Čibej
On 19. 5. 25 19:28, Greg Stein wrote: For svn+ssh, since we control both ends of that conversation, it would be possible to add an additional challenge/response for a 2FA (TOTP?) mechanism. I find this rather dubious, however, as SSH access already implies a very intimate level of access and ma

Re: 2FA prototype

2025-05-19 Thread Branko Čibej
On 19. 5. 25 19:33, Greg Stein wrote: [clarifying] On Mon, May 19, 2025 at 12:28 PM Greg Stein wrote: Using an OAuth-based workflow that incorporates 2FA. That is already possible. I've already seen this done. What is *really* hard is to incorporate 2FA into the svn client/l

Re: 2FA prototype

2025-05-19 Thread Branko Čibej
On 19. 5. 25 20:26, Peter Balogh wrote:
> Hi, So an OAuth based 2FA auth flow would result in a cookie in the browser. Why don't we extend SVN to handle the same flow?

No technical reason except that no-one sane wants to implement a real HTTP browser in Subversion, with cookies and all that en

Re: 2FA prototype

2025-05-19 Thread Branko Čibej
On 19. 5. 25 21:30, Branko Čibej wrote:
> On 19. 5. 25 20:26, Peter Balogh wrote:
>> Hi, So an OAuth based 2FA auth flow would result in a cookie in the browser. Why don't we extend SVN to handle the same flow?
> No technical reason except that no-one sane wants to implement a real HTTP browser in