Hi, 
I have a feature request, but before opening a probably useless JIRA issue, I'd 
like to discuss this here.
Let's assume that TOTP is activated and a user wants to change their TOTP 
device, or wants to use different apps, for example one on their phone and one 
on their computer.
In Guacamole, once the TOTP secret has been confirmed, the only way to show it 
again is to go to the database and query it with something like

    SELECT * FROM guacamole_user_attribute
    WHERE attribute_name = 'guac-totp-key-secret'
      AND user_id = (SELECT entity_id FROM guacamole_entity
                     WHERE name = 'username' AND type = 'USER');

or

    SELECT guacamole_user.user_id, guacamole_user.entity_id, name, attribute_value
    FROM guacamole_entity, guacamole_user, guacamole_user_attribute
    WHERE guacamole_user_attribute.user_id = guacamole_user.user_id
      AND guacamole_user.entity_id = guacamole_entity.entity_id
      AND attribute_name = 'guac-totp-key-secret'
      AND name LIKE 'username';

which, first, is not available to generic users, and second, requires you to 
know the database schema.
Or to ask an admin to reset the TOTP confirmation, and make sure you have all 
your devices ready when re-enrolling.
Would it be practical to have the option to show the secret key somewhere, 
probably in the Settings > Preference tab, only for the currently logged in 
user of course?
I am an amateur user, and use Guacamole on a home network. What would be the 
larger implications if the secret key could be displayed?

In my opinion, because username/password is something-you-know and TOTP is 
something-you-have, and because you need both to log in, I don't believe being 
able to see the secret key when you are already logged in is a big security issue.
Looking forward to reading your ideas.
Thank you
Antoine

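As an added example that is not part of Antoine's post and not Guacamole's own code: the reason "show the secret again" is equivalent to re-enrolling is that the secret by itself is the whole "something you have" factor. The script below implements RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30-second period, the parameters a default otpauth:// URI describes) and builds the provisioning URI a second authenticator app would import, then checks that a device holding only that URI produces the same codes as the first one. It assumes the secret is handled as a base32 string; nothing here asserts how the guac-totp-key-secret attribute is actually encoded in the table queried above. The sample secret is the RFC 6238 test key, not a real one, and the account/issuer labels are illustrative.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional
from urllib.parse import parse_qs, quote, urlparse

# Constructed sample: the RFC 4226/6238 SHA-1 test key "12345678901234567890",
# base32-encoded. It is NOT a real Guacamole secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to `digits` decimal digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret, tolerating lower case, spaces and missing '=' padding
    (authenticator apps usually accept all three)."""
    s = secret_b32.strip().replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp(secret_b32: str, at: Optional[int] = None,
         period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    t = int(time.time()) if at is None else at
    return hotp(decode_secret(secret_b32), t // period, digits)


def provisioning_uri(secret_b32: str, account: str, issuer: str = "Guacamole") -> str:
    """otpauth:// URI (Key Uri Format) that a second app can scan as a QR code.
    The label/issuer convention used here is an assumption for the example."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")


def secret_from_uri(uri: str) -> str:
    """What the second device keeps after scanning: just the secret parameter."""
    return parse_qs(urlparse(uri).query)["secret"][0]


def second_device_agrees(secret_b32: str, account: str, at: int) -> bool:
    """Round trip: export the secret as a URI, import it on a 'second device',
    and confirm both devices compute the same code for the same time step."""
    imported = secret_from_uri(provisioning_uri(secret_b32, account))
    return totp(imported, at) == totp(secret_b32, at)


if __name__ == "__main__":
    now = int(time.time())
    print("URI a second app would scan:", provisioning_uri(SAMPLE_SECRET_B32, "antoine"))
    print("current code on device 1:   ", totp(SAMPLE_SECRET_B32, now))
    print("second device agrees:       ", second_device_agrees(SAMPLE_SECRET_B32, "antoine", now))
```

The round trip shows what is at stake in the feature request: both the database query and a preferences page hand out the complete second factor, and whoever holds it can enrol any number of devices. The difference is only who can reach it (someone with database access versus anyone holding an authenticated browser session), which is why a display of this kind is usually gated behind a fresh password or TOTP prompt rather than shown on an ordinary settings page.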