Re: Rietveld with Google two-factor authentification

[Alexander Kobel]

On 07/16/2014 03:58 PM, Graham Percival wrote:
> On Wed, Jul 16, 2014 at 03:11:31PM +0200, Alexander Kobel wrote:
> > My usual password is not accepted (which is good), since
> > git-cl does not ask for the second-factor token (which is bad).  And
> > obviously git-cl is not able to cache the credentials - I get
> >
> > Could not find stored credentials
> >    $HOME/.lilypond-project-hosting-login
> > each time.
>
> That is correct, git-cl does no caching, no fancy authentication,
> etc.  It attempts to read the above file, and it takes the first
> line in that file as the username and the second line in that file
> as the password.  That's all it does.

Ah, okay.  That means if I put this application-specific password there, 
I'm done?  Cool.  Now I just need to write some new patch to test...

> Patches to git-cl most welcome.  :)

I see... ;-)

> I've heard of this "two-factor authentication", but I've never
> used it (even in my personal life),

I do like the concept a lot, but it's certainly not for everyday tasks - 
if you push 30 patches a day, you don't want to read a token each time. 
 That's what those app-specific passwords are there for; they can be 
revoked independently of each other, and they only apply for specific 
tasks.  E.g., with the Rietveld-only password it is impossible to access 
my calendar.  So while it's still a risk to store it in some potentially 
publicly available place, I don't expose my entire Google profile with 
it.  YMMV.

> and git-cl was my first foray into authentication on foreign servers.
> I was kind-of expecting that somebody familiar with
> python+google+authentication to take 30 minutes (rough estimate for
> somebody familiar with the above) to fix it after a few months, but
> obviously there's been no takers yet.

I just stumbled across the issue; I'll never did anything 
authentication-related, too, but I'll have a look.


Thanks,
Alexander