Using a 2fa code from icloud keychain

Got a problem with Viscosity or need help? Ask here!

thegushi

Posts: 2
Joined: Fri Nov 25, 2022 7:55 pm

Post by thegushi » Mon Sep 09, 2024 11:00 am
Hey there folks,

Viscosity seems to be able to access the password for a session when you choose to store it in a user's login keychain, which is synchronized via icloud to multiple devices.

We recently added 2fa support to our VPN -- does the Keychain API allow viscosity to auto-fill a TOTP code stored in the system keychain as well?

James

User avatar
Posts: 2371
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Sep 09, 2024 3:05 pm
Hi thegushi,

I'm afraid it's not something we have tried, however Viscosity does set the correct OTP field type for the challenge field, so it may work out of the box (for example it does work with SMS verification codes).

However if it doesn't, one potential issue is that Keychain verification codes have an issuing domain associated with them. You may need to grant Viscosity permission on the verification code in the Keychain (using Keychain Access), and if that fails, you may need to set an associated domain (assuming these are managed machines): https://support.apple.com/en-au/guide/d ... f64513/web

As a final option, you may be able to write an AppleScript script to grab the TOTP code from the Keychain (or other TOTP app) for you, and then make use of Viscosity's Pre-Connection Credentials feature to provide this to the connection automatically:
https://www.sparklabs.com/support/kb/ar ... redentials

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1