User is forced to select mfa factor if they have setup both Okta Verify and Google Authenticator
schlueter opened this issue · comments
Expected Behavior
When using gimme-aws-creds a user can configure a preferred mfa type to avoid having to select one each time the program is used. However, Okta allows for multiple instances for some types (namely totp) to be setup. Ideally, a user would be able to configure their preferred mfa provider in addition to the type, perhaps in a configuration field such as preferred_mfa_provider
.
Current Behavior
There is no current way to configure a preferred mfa provider, only type, which makes gimme-aws-creds prompt the user to select a factor if they have set up multiple factors matching their preferred type.
Possible Solution
Steps to Reproduce (for bugs)
- In Okta, setup extra verification for each Google Authenticator and Okta Verify.
- Configure gimme-aws-creds with
preferred_mfa_type = token:software:totp
. - Use gimme-aws-creds and observe that the user is prompted to select an mfa factor.
Context
In order to give myself options, I have both Google Authenticator and Okta Verify setup. In the past, I have disabled Okta Verify so that gimme-aws-creds only has one totp mfa to find, but this seems like an unnecessary concession when I can contribute a solution to the issue.
Your Environment
- App Version used: git dev @ 15f8420
- Environment name and version: python 3.9.6
- Operating System and version: MacOS Sonoma 14.3
This new feature will be released in 2.8.1