Expected Behavior
I would like gimme-aws-creds --configure to provide a value for device_token that does not break device_token.
I would like it if people could benefit from this fix without having to know about it.
The device_token feature, introduced in #74 and modified in #140, is pretty nice. I would expect its default value to reduce my MFA challenges, as follows:
$> gimme-aws-creds --configure
$> gimme-aws-creds
<1 or 2 MFA challenges depending on your configuration>
$> gimme-aws-creds
<1 MFA challenge>
$> gimme-aws-creds
<1 MFA challenge>
Instead, --configure sets device_token to an empty string (which is not valid), meaning that remember_device cannot do anything, regardless of whether it's enabled or not.
Current Behavior
I am always prompted with two MFA challenges:
Possible Solution
#408
Steps to Reproduce (for bugs)
Technically there are no secrets in my .okta_aws_login_config, but publicly publishing Nike's Okta configuration still seems a bit much.
I could instead provide 10 lines of Python that show Okta replying with a session token or state token depending on whether the given DT cookie is 'arbitrarytoken' or ''.
Context
It takes me an extra 15 seconds to log in every time I need to get or change my local AWS creds.
To give an estimate: 15 seconds X 100 people X 2 auths per day X 365 days a year = 12 person-days of time wasted each year.
Your Environment
git checkout master && PYTHONPATH=$(pwd) python3 bin/gimme-aws-creds --configure
Python 3.11.3
macOS Ventura: 13.3.1 (a) (22E772610a)
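A local check for the condition this issue describes, as an added example that is not part of the original issue or of the gimme-aws-creds code base: it lists every profile whose device_token is missing or blank, alongside its remember_device setting. It assumes .okta_aws_login_config is an INI file with a [DEFAULT] section; the function name, sample profiles and org URL are constructed for illustration.

```python
import configparser

# Constructed sample in the assumed INI layout of ~/.okta_aws_login_config.
# The org URL and profile names are placeholders, not values from the issue.
SAMPLE_CONFIG = """\
[DEFAULT]
okta_org_url = https://example.okta.com
remember_device = True
device_token =

[staging]
remember_device = True
device_token = arbitrarytoken

[batch]
remember_device = False
device_token =
"""


def find_empty_device_tokens(config_text):
    """Return (profile, remember_device) for each profile whose effective
    device_token is missing or blank. Hypothetical helper, not project code."""
    # interpolation=None so a literal '%' in a URL or token is not expanded.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    findings = []
    # sections() omits DEFAULT, so check it explicitly; other profiles
    # inherit DEFAULT's values unless they override them.
    for name in ["DEFAULT"] + parser.sections():
        section = parser[name]
        token = section.get("device_token", "").strip()
        if token:
            continue
        remember = section.getboolean("remember_device", fallback=False)
        findings.append((name, remember))
    return findings


if __name__ == "__main__":
    for profile, remember in find_empty_device_tokens(SAMPLE_CONFIG):
        state = "on, but no token to present" if remember else "off"
        print(f"[{profile}] device_token is empty (remember_device {state})")
```

To check a real file, pass its contents in, for example `find_empty_device_tokens(open(path).read())`.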