Only skip using the DT token when connecting to an OIE domain
epierce committed Apr 22, 2024
1 parent 5e640c4 commit 6c823eb
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions gimme_aws_creds/main.py
Expand Up @@ -77,6 +77,7 @@ def __init__(self, ui=ui.cli):
os.path.join(self.FILE_ROOT, '.aws', 'credentials')
)
self._cache = {}
self.skip_DT = False

# this is modified code from https://github.com/nimbusscale/okta_aws_login
def _write_aws_creds(self, profile, access_key, secret_key, token, expiration, aws_config=None):
Expand Down Expand Up @@ -525,6 +526,8 @@ def okta_platform(self):
if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
self.ui.message('Okta Classic login flow enabled')
ret = 'classic'
# Skip Device Token registration
self.skip_DT = True
else:
if not self.conf_dict.get('client_id'):
raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains. Try running --config again.')
Expand Down Expand Up @@ -606,7 +609,7 @@ def get_resolver(self):

@property
def device_token(self):
if self.config.action_register_device is True or self.conf_dict.get('force_classic') is True:
if self.config.action_register_device is True or self.skip_DT is True:
self.conf_dict['device_token'] = None

return self.conf_dict.get('device_token')
Expand Down Expand Up @@ -943,7 +946,7 @@ def handle_action_store_json_creds(self, stream=None):

def handle_action_register_device(self):
# Capture the Device Token and write it to the config file
if self.okta_platform == "classic" and (self.conf_dict.get('force_classic') is not True) and ( not self.device_token or self.config.action_register_device is True ):
if self.okta_platform == "classic" and self.skip_DT is False and ( not self.device_token or self.config.action_register_device is True ):
if not self.config.action_register_device:
self.ui.notify('\n*** No device token found in configuration file, it will be created.')
self.ui.notify('*** You may be prompted for MFA more than once for this run.\n')
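Review bot: In `device_token`, the `self.skip_DT is True` test only takes effect if `okta_platform` has already been evaluated on this instance, because `skip_DT` starts as `False` in `__init__` and is set to `True` only as a side effect inside the `okta_platform` property. The `self.conf_dict.get('force_classic') is True` form of this condition, which appears to be the line being replaced, did not depend on call order; if any caller reads `device_token` first, the stored device token would still be returned while the classic flow is forced. `handle_action_register_device` is not exposed in the same way, since it tests `self.okta_platform == "classic"` before `self.skip_DT`. Consider keeping the check self-contained, `if self.config.action_register_device is True or self.config.force_classic is True or self.conf_dict.get('force_classic') is True:`, or computing the flag once where the configuration is loaded. The bodies of `okta_platform` and `handle_action_register_device` continue outside the visible hunks, so the evaluation order in other callers could not be checked here.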
