Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0

The command "gimme-aws-creds --register_device --profile myprofile" constantly fails and returns 400 Bad Request #261

Open AlexanderNaiden opened 3 years ago

AlexanderNaiden commented 3 years ago

The command "gimme-aws-creds --configure --profile myprofile" was successful and the profile was created in the file .okta_aws_login_config. The next command, "gimme-aws-creds --register_device --profile myprofile", failed. So I can't populate the device_token field in the .okta_aws_login_config file and can't set up the AWS CLI from my machine.

Expected Behavior

After the command "gimme-aws-creds --register_device --profile myprofile" the device_token field should be populated in the .okta_aws_login_config file.

Current Behavior

```
PS C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\Scripts> python gimme-aws-creds --register_device --profile myprofile
Using password from keyring for anaidzenka@corp.our_org.com
Multi-factor Authentication required.
Okta Verify App: SmartPhone_Windows: Microsoft RM-1077_1017 selected
Traceback (most recent call last):
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\Scripts\gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\main.py", line 468, in run
    self._run()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\main.py", line 790, in _run
    self.handle_action_register_device()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\main.py", line 852, in handle_action_register_device
    auth_result = self.auth_session
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\main.py", line 581, in auth_session
    auth_result = self.okta.auth_session()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\okta.py", line 158, in auth_session
    login_response = self.auth()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\okta.py", line 151, in auth
    flow_state = self._next_login_step(
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\okta.py", line 306, in _next_login_step
    return self._login_multi_factor(state_token, login_data)
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\okta.py", line 564, in _login_multi_factor
    return self._login_send_push(state_token, factor)
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\gimme_aws_creds\okta.py", line 418, in _login_send_push
    response.raise_for_status()
  File "C:\Users\Aliaksandr_Naidzenka\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\models.py", line 941, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://our_organization.okta.com/api/v1/authn/factors/opfa04d1ctcc9X5KI356/verify?rememberDevice=True
```

Possible Solution

I checked my config file against my teammate's config file. All values in my config file are correct. On his machine it works, but on mine it doesn't. I have no ideas.

Steps to Reproduce (for bugs)

  1. Download and install Python 3 or higher
  2. Install AWS CLI using either the MSI installer or Python Link: https://docs.aws.amazon.com/cli/latest/userguide/install-windows.html
  3. Install gimme-aws-creds for Okta authentication. Open PowerShell as an Administrator:
     pip3 install --upgrade gimme-aws-creds
  4. Configure the profile. Make sure to cd to C:\Users\yourusername\AppData\Local\Programs\Python\PythonXX\Scripts
     python gimme-aws-creds --configure --profile (pick a profile name)
     These are the prompts that will show:
       Okta URL for your organization: https://our_organization.okta.com/
       URL for gimme-creds-server [appurl]: HIT ENTER
       Application url: https://our_organization.okta.com/home/amazon_aws/XXXXXXXXXXXXXXXX/XXX
       Write AWS Credentials [n]: y
       Resolve AWS alias [n]: y
       Include Path [n]: y
       Okta User Name: ENTER YOUR CORP USERNAME
       AWS Default Session Duration [3600]: HIT ENTER
       Preferred MFA Device Type: push
       Preferred output format [export]: DOES NOT MATTER, HIT ENTER FOR DEFAULT 'export', type json if you prefer
       AWS Credential Profile [role]: HIT ENTER
     Use the values in the sample okta config below to validate your config.
     A file will get created in C:\Users\ \.okta_aws_login_config (to view make sure to show hidden items)
  5. To populate the device_token field in the config run: python gimme-aws-creds --register_device --profile myprofile
  6. See the output with the error in PowerShell.

Context

Your Environment

AlexanderNaiden commented 3 years ago

I changed the value of the preferred_mfa_type field to another value in .okta_aws_login_config, and then the device_token field was populated with a token. However, with the push value it doesn't work for me.

AlexanderNaiden commented 3 years ago

I'm not sure. Could it be related to the type of operating system on my mobile phone?
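
To check which profiles are in the state this issue describes (preferred_mfa_type set to push, device_token still empty) without printing the token itself, the following added example can be used. It is not code from the thread or from the gimme-aws-creds project; it assumes the config file is INI-style with one section per profile, and the sample text, the `teammate` profile and the function names are constructed for illustration.

```python
import configparser
from pathlib import Path

# Constructed sample of an .okta_aws_login_config file; all values are placeholders.
SAMPLE_CONFIG = """\
[myprofile]
preferred_mfa_type = push
device_token =

[teammate]
preferred_mfa_type = other-factor-type-placeholder
device_token = CONSTRUCTED-TOKEN-VALUE
"""


def registration_status(config_text):
    """Map each profile to its MFA type and whether device_token is populated.

    The token value is never returned, so the report is safe to paste into an issue.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(config_text)
    # configparser semantics: keys in [DEFAULT] are visible from every section,
    # so report DEFAULT as a profile of its own when it carries any keys.
    names = (["DEFAULT"] if parser.defaults() else []) + parser.sections()
    report = {}
    for name in names:
        section = parser[name]
        token = section.get("device_token", "").strip()
        mfa = section.get("preferred_mfa_type", "").strip()
        report[name] = {"preferred_mfa_type": mfa or None, "registered": bool(token)}
    return report


def unregistered_push_profiles(config_text):
    """Profiles matching this issue: push selected but no device_token stored."""
    return [name for name, info in registration_status(config_text).items()
            if info["preferred_mfa_type"] == "push" and not info["registered"]]


if __name__ == "__main__":
    # Assumed location: the hidden file in the user's home directory, as in step 4.
    path = Path.home() / ".okta_aws_login_config"
    text = path.read_text() if path.exists() else SAMPLE_CONFIG
    for profile, info in registration_status(text).items():
        print(profile, info)
```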