Authentication fails if two-factor auth is required

[wichert]

I tried to use hub to create a pull request, but got an error:

$ hub pull-request -i 350
github.com username: wichert
github.com password for wichert (never stored): stty: standard input: unable to perform all requested operations

Error creating pull request: Unauthorized (HTTP 401)

This is most likely because I have github configured to require two-factor authentication. And indeed in the security history I see this:

[mislav]

It might not be related to 2FA. In the output you pasted there is stty: standard input: unable to perform all requested operations, which I see for the first time and should not be shown. This points to the fact that your password might not have been collected correctly in the first place.

Can you give me more information about your system version and your shell?

[wichert]

This is an OSX 10.9/Mavericks system. The shell is bash 4.2.45. Both the shell and hub were installed via MacPorts.

[dasevilla]

I have the same issue with hub version 1.10.6 on OS X 10.9.

Here's what I did:

$ hub fork
github.com username: dasevilla
github.com password for dasevilla (never stored):
Error creating fork: Unauthorized (HTTP 401)

[jpfuentes2]

Confirmed this is an issue with 2FA. I received the exact same response @dasevilla pasted above.

I disabled 2FA temporarily, went back to try hub and authenticated successfully. I've re-enabled 2FA and am successfully using hub now.

[dasevilla]

Disabling 2FA, authenticating hub, and enabling 2FA worked for me as well.

[joelpurra]

I had the 401 issue with 1.10.6, because hub never asked for the 2FA code.

Using the source from the current HEAD, installed using homebrew's brew upgrade --HEAD hub, I got as far as hub asking for the 2FA code.

For some reason, github never sent me any 2FA code by sms when hub requested it, as noted in the security history. Solved it by opening a private browser window, heading to github.com and performing the first step of logging in on the website. Instead of using the new sms auth token on the website, I used it for hub.

Voilà, "oauth_access.create: hub (API)".

[mislav]

Yeah, 2FA really seems kind of broken right now. I'll need to change the way hub authenticated completely to put an end to these and similar authentication woes. Right now, you can use GitHub's web interface to create a token manually that you can paste to ~/.config/hub:

---
github.com:
- oauth_token: TOKEN
  user: mislav

[cyrusstoller]

@mislav where do you create the token?

[fuadsaud]

@cyrusstoller https://github.com/settings/applications

[afeld]

@mislav Couldn't the flow change to

$ hub fork
Are you using Two-Factor Authentication on github.com? [yN]: y
github.com username: afeld
github.com personal access token (generate at https://github.com/settings/applications): 123456

?

[mislav]

@afeld Detecting whether 2FA is enabled for your account is not the problem. However, I have other problems related to 2FA that I need to sort out. Expect an update soon

[afeld]

Even a warning after a 401 like "See #435 if you have 2FA enabled" would be an improvement in the short term. Just so that people don't throw up their hands and walk away from it.

[hkdobrev]

This is very similar to how Composer (PHP dependency manager) handles GitHub 2FA. Here's the related discussion: composer/composer#2280 Still not resolved.

[mislav]

@lawipac Composer has had 2FA support for many months now. However, this project is not Composer nor related to it at all. So, it's not an appropriate place to rant about your troubles with using Composer. If you need to report a bug to them, go to their issue tracker.

[rschuster3]

In case Google search brings anyone else to this thread: I had this issue today with not being able to login via Git Shell until I disabled 2FA. A coworker suggested using a personal access token for specific apps to prevent this from happening in the future. https://help.github.com/articles/creating-an-access-token-for-command-line-use/

Does that sound about right?

[mislav]

@rschuster3 Were you using hub or just plain git push/pull/clone? Where did you put the token?

[rschuster3]

Just plain git push/pull/clone. I haven't made the token yet (since I was able to authenticate after I disabled 2FA) but it's on my to-do list for today.

[fslone-nomi]

just did it myself. Create the token and enter it just as you would your password when signing in via Git Bash and you're good to go.

[rschuster3]

All righty, I'll go ahead and set it up now. The shell is oddly asking me to authenticate again for a push I want to make. I say "oddly" because I'm not asked to authenticate normally. Will post here again if I have issues with the token. Thanks!

[fslone-nomi]

might want to look into caching you credentials to help with that

https://help.github.com/articles/caching-your-github-password-in-git/

[corlaez]

The link provided by @rschuster3 works perfectly for my git kraken pulls issues after setting up 2 factor.