Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials

User is forced to select mfa factor if they have set up both Okta Verify and Google Authenticator

schlueter opened this issue

Expected Behavior

When using gimme-aws-creds, a user can configure a preferred mfa type to avoid having to select one each time the program is used. However, Okta allows for multiple instances of some types (namely totp) to be set up. Ideally, a user would be able to configure their preferred mfa provider in addition to the type, perhaps in a configuration field such as preferred_mfa_provider.

Current Behavior

There is currently no way to configure a preferred mfa provider, only type, which makes gimme-aws-creds prompt the user to select a factor if they have set up multiple factors matching their preferred type.

Possible Solution

#446

Steps to Reproduce (for bugs)

  1. In Okta, set up extra verification for each of Google Authenticator and Okta Verify.
  2. Configure gimme-aws-creds with preferred_mfa_type = token:software:totp.
  3. Use gimme-aws-creds and observe that the user is prompted to select an mfa factor.

Context

In order to give myself options, I have both Google Authenticator and Okta Verify set up. In the past, I have disabled Okta Verify so that gimme-aws-creds only has one totp mfa to find, but this seems like an unnecessary concession when I can contribute a solution to the issue.

Your Environment

  • App Version used: git dev @ 15f8420
  • Environment name and version: python 3.9.6
  • Operating System and version: macOS Sonoma 14.3

This new feature will be released in 2.8.1
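The ambiguity reported in this issue, as an added example that is not gimme-aws-creds code and not the change in #446: two enrolled factors share the type token:software:totp, so a type preference alone cannot pick one, while a provider preference can. The factor list is constructed sample data using Okta's factorType and provider fields; the function names and the case-insensitive provider match are assumptions.

```python
from typing import Optional

# Constructed sample: one user enrolled in Okta Verify (push and TOTP)
# and Google Authenticator. The ids are placeholders.
SAMPLE_FACTORS = [
    {"id": "factor-okta-push", "factorType": "push", "provider": "OKTA"},
    {"id": "factor-okta-totp", "factorType": "token:software:totp", "provider": "OKTA"},
    {"id": "factor-google-totp", "factorType": "token:software:totp", "provider": "GOOGLE"},
]


def matching_factors(factors, preferred_type=None, preferred_provider=None):
    """Return the factors that satisfy every configured preference."""
    matches = []
    for factor in factors:
        if preferred_type and factor.get("factorType") != preferred_type:
            continue
        # Assumption: provider names are compared case-insensitively.
        if (preferred_provider
                and factor.get("provider", "").upper() != preferred_provider.upper()):
            continue
        matches.append(factor)
    return matches


def select_factor(factors, preferred_type=None, preferred_provider=None) -> Optional[dict]:
    """Return the single matching factor, or None when the caller must prompt.

    None covers both "several candidates" and "no candidate": a factor the
    user did not ask for is never chosen silently.
    """
    matches = matching_factors(factors, preferred_type, preferred_provider)
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    # Type only: Okta Verify and Google Authenticator both match, so prompt.
    print(select_factor(SAMPLE_FACTORS, "token:software:totp"))
    # Type plus provider: exactly one factor remains.
    print(select_factor(SAMPLE_FACTORS, "token:software:totp", "GOOGLE"))
```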