Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for apikey based logins #187

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add support for apikey based logins #187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
dbee09a
Add apikey based login strategy
dezeroku Jun 26, 2024
631fc77
Reuse headers for all login requests, deduplicate
dezeroku Jun 26, 2024
afa1303
Get email and device_id from config
dezeroku Jun 26, 2024
6a794b9
Add README about the auth methods
dezeroku Jun 26, 2024
d7a7cfd
Don't add headers to requests
dezeroku Jun 26, 2024
410484e
Add auth-email header in APIkey refresh_token flow
dezeroku Jun 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 13 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ configuration options:

* `email`: The email address to use as the account name when logging into the
Bitwarden server. Required.
* `client_id`: Client ID part of the API key. Defaults to regular login process if unset.
* `sso_id`: The SSO organization ID. Defaults to regular login process if unset.
* `base_url`: The URL of the Bitwarden server to use. Defaults to the official
server at `https://api.bitwarden.com/` if unset.
Expand Down Expand Up @@ -95,6 +96,18 @@ between by using the `RBW_PROFILE` environment variable. Setting it to a name
switch between several different vaults - each will use its own separate
configuration, local vault, and agent.

### Auth methods

Currently `rbw` supports three login strategies, listed by order of priority:
1. `apikey`, requires you to provide `client_id` and `client_secret`. Will be enabled
when a `client_id` value is set in the config file
2. `SSO` (Enterprise Single Sign-On). Will be enabled when a `sso_id` value is set in
the config file. (Note: due to the current implementation, if your account is secured with 2FA
you'll be required to go through the browser flow twice. You'll be prompted for the 2FA code
after the first run)
3. `email&password`, regular auth method, uses the same credentials as Bitwarden's Web Vault.
That's most likely what you want to use

## Usage

Commands can generally be used directly, and will handle logging in or
Expand Down
12 changes: 9 additions & 3 deletions src/actions.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,19 @@ pub async fn register(
let (client, config) = api_client_async().await?;

client
.register(email, &crate::config::device_id(&config).await?, &apikey)
.register(
email,
&crate::config::device_id_async(&config).await?,
&apikey,
)
.await?;

Ok(())
}

pub async fn login(
email: &str,
apikey: Option<crate::locked::ApiKey>,
password: crate::locked::Password,
two_factor_token: Option<&str>,
two_factor_provider: Option<crate::api::TwoFactorProviderType>,
Expand Down Expand Up @@ -42,9 +47,10 @@ pub async fn login(
let (access_token, refresh_token, protected_key) = client
.login(
email,
apikey.as_ref(),
config.sso_id.as_deref(),
&crate::config::device_id(&config).await?,
&identity.master_password_hash,
&crate::config::device_id_async(&config).await?,
Some(&identity.master_password_hash),
two_factor_token,
two_factor_provider,
)
Expand Down
Loading
Loading