Merge pull request #458 from Nike-Inc/dev

Only skip using the DT cookie when connecting to an OIE domain
Nike-Inc · Apr 22, 2024 · fc307d2 · fc307d2
2 parents 4545fb4 + 6c823eb
commit fc307d2
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/gimme_aws_creds/main.py b/gimme_aws_creds/main.py
@@ -77,6 +77,7 @@ def __init__(self, ui=ui.cli):
             os.path.join(self.FILE_ROOT, '.aws', 'credentials')
         )
         self._cache = {}
+        self.skip_DT = False
 
     #  this is modified code from https://github.com/nimbusscale/okta_aws_login
     def _write_aws_creds(self, profile, access_key, secret_key, token, expiration, aws_config=None):
@@ -525,6 +526,8 @@ def okta_platform(self):
                 if self.config.force_classic is True or self.conf_dict.get('force_classic') is True:
                     self.ui.message('Okta Classic login flow enabled')
                     ret = 'classic'
+                    # Skip Device Token registration
+                    self.skip_DT = True
                 else:
                     if not self.conf_dict.get('client_id'):
                         raise errors.GimmeAWSCredsError('OAuth Client ID is required for Okta Identity Engine domains.  Try running --config again.')
@@ -606,7 +609,7 @@ def get_resolver(self):
 
     @property
     def device_token(self):
-        if self.config.action_register_device is True or self.conf_dict.get('force_classic') is True:
+        if self.config.action_register_device is True or self.skip_DT is True:
             self.conf_dict['device_token'] = None
 
         return self.conf_dict.get('device_token')
@@ -943,7 +946,7 @@ def handle_action_store_json_creds(self, stream=None):
 
     def handle_action_register_device(self):
         # Capture the Device Token and write it to the config file
-        if self.okta_platform == "classic" and (self.conf_dict.get('force_classic') is not True) and ( not self.device_token or self.config.action_register_device is True ):
+        if self.okta_platform == "classic" and self.skip_DT is False and ( not self.device_token or self.config.action_register_device is True ):
             if not self.config.action_register_device:
                 self.ui.notify('\n*** No device token found in configuration file, it will be created.')
                 self.ui.notify('*** You may be prompted for MFA more than once for this run.\n')