Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow log in with 2fa #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

allow log in with 2fa #12

wants to merge 1 commit into from

Conversation

pforero
Copy link

@pforero pforero commented Jul 31, 2020

Issue:
Currently degrioapi does not permit log in with accounts that use Two Factor Authentication (2FA).

Solution:
If in the DeGiro.login method the user provides a TOTP code, the login is done through the TOTP Log in URL, and provides the oneTimePassword as part of the login_payload.

@Jakub-CZ Jakub-CZ mentioned this pull request Dec 6, 2020
Open
@Deel18 Deel18 mentioned this pull request Apr 18, 2021
Closed
@SonGokussj4
Copy link

Hello. Are you planning to merge this to the master? Will this resolve the 2FA login?

@Jakub-CZ
Copy link

Jakub-CZ commented Jan 9, 2022

It would resolve it but the owner of this repo has been inactive for a few years now.

If you want you can install this package with this change like this:

pip install -U git+https://github.com/pforero/DegiroAPI.git@totp

@SonGokussj4
Copy link

Oh wow, thanks. It worked.
As a totp variable I entered the 6-digit code as string from GoogleAuth.

res = degiro.login(
    os.environ.get("DEGIRO_USERNAME"), 
    os.environ.get("DEGIRO_PASSWORD"), 
    os.environ.get("DEGIRO_TOTP")  # '123456'
)

So am I correct, I have to always type the current code for this to work? Can't this be more automated so it can work in the background?

@Jakub-CZ
Copy link

Jakub-CZ commented Jan 9, 2022
edited
Loading

You can use a package that can generate the TOTP automatically, e.g. https://pypi.org/project/pyotp/

totp = pyotp.TOTP(DEGIRO_TOTP_SEED).now()

Getting your old DEGIRO_TOTP_SEED may be pretty hard; Degiro won't give it to you for obvious safety reasons. You may need to turn off 2FA, then enable it again so that Degiro generates a new seed for you. You'll import the seed into your GoogleAuth again, plus you'll save it securely in a way so that your script can use it.

If Degiro doesn't show the seed as string (32 alphanumeric characters) you'll have to extract it from the QR code.

I hope I don't need to explain the security implication of doing all this.

EDIT: But I guess doing this is still better than not using 2FA at all...

@SonGokussj4
Copy link

I just figured it out too. Yeah, security implications are... "Don't get hacked" :-) And use it only on a secured machine. Yeah, but better than without 2FA.

For future reference, these were my steps:

  1. Login into Degiro, disable 2FA. Then Enable 2FA (re-add to the google auth app) and scan the QR code with Google Lenses or another QR reader
    This shows an address in format:
otpauth:https://totp/DEGIRO:MYUSERNAME?algorithm=SHA1&issuer=DEGIRO&secret=MYSECRET&digits=6&period=30
  1. Add MYSECRET to my local .env file, then use pyotp library to convert it to the 6-digit verification code.
# file: .env
DEGIRO_USERNAME="MYUSERNAME"
DEGIRO_PASSWORD="MYPASSWORD"
DEGIRO_TOTP="MYSECRET"

# file: main.py
import pyotp
import degiroapi
from dotenv import load_dotenv

def main():
    load_dotenv()
    totp = pyotp.TOTP(os.environ.get("DEGIRO_TOTP"), digits=6, interval=30)
    res = degiro.login(
        os.environ.get("DEGIRO_USERNAME"), 
        os.environ.get("DEGIRO_PASSWORD"), 
        totp.now())

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pforero @SonGokussj4 @Jakub-CZ