totp

First, thank you for maintaining this wonderful tool!

Is your feature request related to a problem? Please describe.
PBKDF2-HMAC-SHA1 is no longer recommended, and may become a problem if there are too few iterations (SHA1 is the issue, especially in conjunction with the small number of iterations), although a 16byte/128bit salt remains fine. This only offers security if used in conjunctio

Hello

What would you like to be added

Currently the step-cli certificate fingerprint foo.pem command only outputs the fingerprint as a SHA256 hash. It would be convenient to have an option to display a SHA1 fingerprint instead.

Why this is needed

Azure Iot Hub services display the fingerprints as SHA1 hashes on the Azure portal, so it's not easy to compare both types of finge

Tasks:

• add docs to token strategy (godoc)
• add links to the readme (api-key, bearer, x-header)

If a user goes to the login screen, and a browser password manager pre-fills the username and password, it should be possible for a user to just press the 'enter' button on their keyboard to submit the login form.