macOS Keychain TOTP support

Got a problem with Viscosity or need help? Ask here!


Posts: 1
Joined: Wed Nov 16, 2022 1:28 pm

Post by charlesa » Wed Nov 16, 2022 1:35 pm
I've started to use the Keychain TOTP support more and more. The direct support inside Safari is quite welcome.

However, I'd like to leverage quick access from within the TOTP (
Code: Select all
static-challenge "Enter Auth Code" 0
) prompt. Does anyone know of a way to access those codes via AppleScript that I could use during a Pre-Connect script?


User avatar
Posts: 2203
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Fri Nov 25, 2022 4:29 pm
Hi charlesa,

The latest Viscosity beta versions allows two-factor challenge responses to be returned by a Before-Connect script. We have some documentation on how to use this at: ... redentials

Information on how to update to the latest beta version can be found at: ... -versions/

However sadly the Keychain's Verification Code support is limited to Safari only at this stage. Other applications like Viscosity cannot use the stored TOTP data to generate codes. It's likely macOS will add support for this in the future. The latest beta version of Viscosity actually adds support for SMS verification codes, and so if Apple add TOTP support for other applications Viscosity should also support it with no further changes needed.

That said, it's possible to use both Keychain's Verification Code support and another TOTP application at the same time: simply use the same QR code or seed code with both. This will allow you to continue to use the Keychain autofill support in Safari, while using another app in combination with a Before-Connect script above for your VPN connection/s. You could use a password manager like 1Password (which provides a command line interface), or you can find a ton of TOTP generator apps on GitHub that can be called from a script as well.

James Bekkema
Viscosity Developer

2 posts Page 1 of 1