Defect #41220
API Access does not require second factor
Status: Closed
Priority: Normal
Assignee: -
Category: Accounts / authentication
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Resolution: Invalid
Affected version:
Description
I have configured a required second factor for the admin account.
This is enforced when logging in via the browser interface.
It is, however, NOT enforced when using the API, where using https://my.redmine.org/my/account.json with basic authentication delivers me my API key, NOT requiring the second factor.
When getting a token for www.keycloak.org, for example, it is required to pass the HTTP header totp with the current value to the endpoint.