I also tried on terminal
heroku login -i
xxx#pedroui-MacBookPro onoff-wad % heroku login -i
heroku: Enter your login credentials
Email [xxx#naver.com]: xxx#naver.com
Password: ***********
› Error: Your account has MFA enabled; API requests using basic authentication with
› email and password are not supported. Please generate an authorization token for
› API access.
›
› Error ID: vaas_enrolled
login error page said
to secure account, we check user's id .
please enter code generated by authentication app.
the problem is I don't know anything about authentication app.
Related
I tried to login on heroku, but I was required to enter code generated by authenticator app, but I have no the authenticator app. I tried heroku login -i, but it says
"Error: Your account has MFA enabled; API requests using basic authentication with email
› and password are not supported. Please generate an authorization token for API access."
How can I solve this problem?
Thanks in advance.
You must enable Multi-Factor Authentication and set up your preferred MFA option.
One of the options is to install Google Authenticator and configure it to access Heroku: after login (on the browser) you need to provide the code displayed in the Google Authentication application.
Login via Command Line
The approach is still the same but you need to use the API Key as the password
% heroku login -i
heroku: Enter your login credentials.
Email [my email address]:
Password: ************************************. # enter API Key here.
Logged in as [my email address]
To create the API Token go to Heroku Dashboard -> Account
We have application on compute engine that is using oauth2(Using GCP credentials) to authorize users to access application and it was working all fine. Suddenly since last two days we are getting 401 not authorize message from google authenticator instead of access token.
Have verified that the service account is active and APIs access enabled on GCE.
We tried rotating GCP API credentials but that did not work, even one of the environment was allowing to login again but go broken again in the morning.
Here is the sequence of incidents:
User hit url to access web app
That redirects to -> google auth page, requesting user to login consent
Credential provided user and accepted by google.
Instead of providing authentication token google is giving message access denied.
Not sure which logs can give clear picture to see the errors.
If your App is External Facing but is still in test mode (not verified), the token will expire after 7 days (source)
I’ve been trying to login to HEROKU CLI on a headless Ubuntu. So, I don’t have a chance to open a browser. That’s why, I need to login with credential or any other method but there are only two login options which are browser, credentials.
Is there anybody face with the same problem?
Command:
heroku login -i
Error Message:
› Error: Your account has MFA enabled; API requests using basic authentication with email and password are not supported. Please generate an authorization token
› for API access.
›
› Error ID: mfa_required
PS: The Heroku doesn’t allow me to disable MFA.
Shanshan Chen is basically right, but given the specifics of your issue you're still going to need the -i flag. I have had the same issue and was able to log in successfully using these steps:
Run heroku login -i
Enter your email address as normally
For the password, use your Heroku account API Key (see below)
Try heroku login and use API key as the password. Feel free to refer to
Not able login to Heroku account from command line
the project that I am trying to automate is This.
Manual Logged in
When I click on Google logged-in it will redirect to manual login.
after I logged in successfully I can see there Post method
Request URL: https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=AIzaSyDF-qMBES2pwjDAzWRRsu-FiAxZgJsBuIk
Request Method: POST
with the body
requestUri: "FirebaseappURL"
returnIdpCredential: true
returnSecureToken: true
sessionId: "SessionID???"
after that, it generates a Large respond
context: ""
displayName.
emailverified.
expiresIn:3600
federatedId:...
firstName:.
fullName:.
idToken: <Token>
kind: "identitytoolkit#VerifyAssertionResponse"
lastName: ...
localId: <ID>
oauthAccessToken: <Token>
oauthExpireIn: 3600
oauthIdToken: <Token>
photoUrl: <url>
providerId: "google.com"
rawUserInfo: <long json>
refreshToken: <token>
I want to simulate it with post request with the postman
after that, I will transfer it to Script
What I tried
Google API Config
I went to Google DashBoard Create Project.
Then I go to the OAuth consent screen and add my user as test users.
Add all the Clawee sites as authorizes.
Then I Went to Credentials and add Oauth 2.0 Client ID's of the Desktop client
and got his ClientID and SecretID
Now from postman, I went to
https://accounts.google.com/o/oauth2/v2/auth?client_id=<ClientID>.apps.googleusercontent.com&response_type=code&scope=openid%20email&access_type=offline&redirect_uri=urn:ietf:wg:oauth:2.0:oob
I got my auth-code
now I send a request to
https://oauth2.googleapis.com/token
with params clientid,secretId,authCode,grant_type
and get my Access Token + Refress Token
Now to check that, I navigate to
https://www.googleapis.com/oauth2/v3/userinfo?access_token="
I got My User Info... It works
Now I tried to use that Access Token
To login to Firebase app as they did
but because I using my Own token and not a manual login
I read about the "signInWithIdp" or "verifyCustomToken"
And I tried
with 'postBody': 'access_token=[My_Token]&providerId=google.com' or
token: [My_Token]
Both Failed...
What am I doing wrong?
I've been following Caroline's blog to setup a multi-user composer rest server. So, I have two servers viz. Admin Server and the User Server.
As mentioned in the tutorial I:
Started the Admin Server with no authentication and single user mode. I started this server with Admin's card.
Started the User Server with JWT authentication in multi-user mode. I started this server with Admin's card as well.
Created a User participant and generated a card for user from the admin server.
Exchanged the first JWT token for this user on the User Server. So now the user has an access token.
Using this access-token I imported the user's card generated in #3 into the User Server.
Checked the Wallet status using user's access-token and was able to see the card to be set as default. i.e. default:true
This seems to have worked fine. However, now I'm trying to ping the network using User Server and User's access token. And it results in:
Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
I tried setting this card to be default again but with no luck. When I list the identities issued from the admin server, I'm able to see this identity. But the status of this identity is "ISSUED". While the status of admin identity is "ACTIVATED". Is this an issue?
Or am I missing out on any of the important step here?