Only skip using the DT cookie when connecting to an OIE domain #458

Merged
merged 1 commit into from
Apr 22, 2024
Merged
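--- a/gimme_aws_creds/main.py
+++ b/gimme_aws_creds/main.py
@@ -77,6 +77,7 @@ def __init__(self, ui=ui.cli):
 os.path.join(self.FILE_ROOT, '.aws', 'credentials')
 )
 self._cache = {}
+self.skip_DT = False
 
 # this is modified code from https://github.com/nimbusscale/okta_aws_login
 def _write_aws_creds(self, profile, access_key, secret_key, token, expiration, aws_config=None):
@@ -525,6 +526,8 @@ def okta_platform(self):
 if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
 self.ui.message('Okta Classic login flow enabled')
 ret = 'classic'
+# Skip Device Token registration
+self.skip_DT = True
 else:
 if not self.conf_dict.get('client_id'):
 raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains. Try running --config again.')
@@ -606,7 +609,7 @@ def get_resolver(self):
 
 @property
 def device_token(self):
-if self.config.action_register_device is True or self.conf_dict.get('force_classic') is True:
+if self.config.action_register_device is True or self.skip_DT is True:
 self.conf_dict['device_token'] = None
 
 return self.conf_dict.get('device_token')
@@ -943,7 +946,7 @@ def handle_action_store_json_creds(self, stream=None):
 
 def handle_action_register_device(self):
 # Capture the Device Token and write it to the config file
-if self.okta_platform == "classic" and (self.conf_dict.get('force_classic') is not True) and ( not self.device_token or self.config.action_register_device is True ):
+if self.okta_platform == "classic" and self.skip_DT is False and ( not self.device_token or self.config.action_register_device is True ):
 if not self.config.action_register_device:
 self.ui.notify('\n*** No device token found in configuration file, it will be created.')
 self.ui.notify('*** You may be prompted for MFA more than once for this run.\n')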
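Review bot: The `device_token` getter now keys off `self.skip_DT`, which starts as False and is only flipped to True as a side effect of evaluating `okta_platform`, so any read of `device_token` that happens before `okta_platform` has run would still return the stored device token even with force_classic set. The removed condition read the config directly and had no ordering dependency; in `handle_action_register_device` the `self.okta_platform == "classic"` test runs first, but the visible lines do not show that every other reader of `device_token` does the same. Since the device token feeds Okta's device recognition for MFA, the skip decision should not depend on call order: test the inputs directly in the getter, `if self.config.action_register_device is True or self.config.force_classic is True or self.conf_dict.get('force_classic') is True:`. If the flag is kept, a comment at `self.skip_DT = False` such as `# set by okta_platform when the classic flow is forced; read by device_token` would make the coupling explicit. The bodies of `okta_platform` and `handle_action_register_device` continue outside the hunks.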