if TSOID is going to get converted to MFA authentication,

[kumnar02]

how is the sdk is going to store it , i see we are using host username and password to get the profile created.

anyone tried how offen you need to approve ? any leads on this ?

@traeok can you please suggest here ?

[t1m0thyj]

@kumnar02 The Python SDK uses profiles to store connection info like host, username, and password. When connecting to z/OSMF API on a mainframe with MFA authentication configured, then the password needs to include MFA token. Depending on which MFA service is used, the MFA token either replaces a standard password or must be added as a suffix.

Since MFA tokens are typically short-lived (on the order of 30 seconds to a few minutes), using them as a password in a Zowe profile is inconvenient. Every time the token expires, users of your app would need to input a new password. The recommended solution for this is to authenticate with the Zowe API Mediation Layer (API ML), which gives you a long-lasting JWT token.

The JWT token generated by the API ML has a configurable expiration time - I believe the default is 8 hours. If stored as tokenType=apimlAuthenticationToken and tokenValue in a Zowe profile, the Python SDK will use it instead of a password.