User is forced to select mfa factor if they have setup both Okta Verify and Google Authenticator

[schlueter]

Expected Behavior

When using gimme-aws-creds a user can configure a preferred mfa type to avoid having to select one each time the program is used. However, Okta allows for multiple instances for some types (namely totp) to be setup. Ideally, a user would be able to configure their preferred mfa provider in addition to the type, perhaps in a configuration field such as preferred_mfa_provider.

Current Behavior

There is no current way to configure a preferred mfa provider, only type, which makes gimme-aws-creds prompt the user to select a factor if they have set up multiple factors matching their preferred type.

Possible Solution

#446

Steps to Reproduce (for bugs)

1. In Okta, setup extra verification for each Google Authenticator and Okta Verify.
2. Configure gimme-aws-creds with preferred_mfa_type = token:software:totp.
3. Use gimme-aws-creds and observe that the user is prompted to select an mfa factor.

Context

In order to give myself options, I have both Google Authenticator and Okta Verify setup. In the past, I have disabled Okta Verify so that gimme-aws-creds only has one totp mfa to find, but this seems like an unnecessary concession when I can contribute a solution to the issue.

Your Environment

• App Version used: git dev @ 15f8420
• Environment name and version: python 3.9.6
• Operating System and version: MacOS Sonoma 14.3

[epierce]

This new feature will be released in 2.8.1