From 6c823ebddf85cb6622097de054b5e710c8500776 Mon Sep 17 00:00:00 2001
From: Eric Pierce
Date: Mon, 22 Apr 2024 08:31:12 -0700
Subject: [PATCH] Only skip using the DT token when connecting to an OIE domain
---
 gimme_aws_creds/main.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gimme_aws_creds/main.py b/gimme_aws_creds/main.py
index 44349ae..42108bf 100644
--- a/gimme_aws_creds/main.py
+++ b/gimme_aws_creds/main.py
@@ -77,6 +77,7 @@ def __init__(self, ui=ui.cli):
 os.path.join(self.FILE_ROOT, '.aws', 'credentials')
 )
 self._cache = {}
+ self.skip_DT = False
 # this is modified code from https://github.com/nimbusscale/okta_aws_login
 def _write_aws_creds(self, profile, access_key, secret_key, token, expiration, aws_config=None):
@@ -525,6 +526,8 @@ def okta_platform(self):
 if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
 self.ui.message('Okta Classic login flow enabled')
 ret = 'classic'
+ # Skip Device Token registration
+ self.skip_DT = True
 else:
 if not self.conf_dict.get('client_id'):
 raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains. Try running --config again.')
@@ -606,7 +609,7 @@ def get_resolver(self):
 @property
 def device_token(self):
- if self.config.action_register_device is True or self.conf_dict.get('force_classic') is True:
+ if self.config.action_register_device is True or self.skip_DT is True:
 self.conf_dict['device_token'] = None
 return self.conf_dict.get('device_token')
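Review bot: `skip_DT` is only ever set as a side effect of evaluating the `okta_platform` property, so the `device_token` getter in the next hunk now depends on `okta_platform` having been read first. The removed test read `conf_dict['force_classic']` directly and had no such ordering requirement; with the new code a caller that reads `device_token` before the platform is resolved would presumably still get the stored token back on a forced-classic login. In `handle_action_register_device` (last hunk) the order holds only because `self.okta_platform == "classic"` is the first operand of the `and`. Consider resolving the platform at the top of `device_token` before testing the flag, or at least say so where the flag is initialised, e.g. `self.skip_DT = False  # set by okta_platform when classic flow is forced; read okta_platform before device_token`. The bodies of all three methods continue outside the hunks.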
@@ -943,7 +946,7 @@ def handle_action_store_json_creds(self, stream=None):
 def handle_action_register_device(self):
 # Capture the Device Token and write it to the config file
- if self.okta_platform == "classic" and (self.conf_dict.get('force_classic') is not True) and ( not self.device_token or self.config.action_register_device is True ):
+ if self.okta_platform == "classic" and self.skip_DT is False and ( not self.device_token or self.config.action_register_device is True ):
 if not self.config.action_register_device:
 self.ui.notify('\n*** No device token found in configuration file, it will be created.')
 self.ui.notify('*** You may be prompted for MFA more than once for this run.\n')