search

Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0
925 stars 263 forks source link

No indication when webauthn token touched. #363

Closed zelch closed 1 year ago

zelch commented 2 years ago

There is a notable delay between a touch on the token, and the next indication that something is happening.

This may falsely lead a user to believe that they did not make contact with the device, or that it came loose in the USB port.

Expected Behavior

We should print something once the touch has been registered.

Current Behavior

Possible Solution

PR incoming.

Steps to Reproduce (for bugs)

Select a webauthn device for your MFA factor, note the delay between touching the device and the next output from gimme-aws-creds.

Context

Your Environment

slagiewka commented 1 year ago

Although not directly confirming touch, the UX is better now with v2.5.0, thanks to #348 

❯ gimme-aws-creds           
Using password from keyring for email@email
Multi-factor Authentication required.
Pick a factor:
[0] webauthn: YubiKey 5 with NFC
[1] webauthn: YubiKey 5 with NFC
Selection: 1
Challenge with security keys ...

Touch your authenticator device now...

Authentication Success!
Saving arn:aws:iam as profile
Written profile profile to /Users/user/.aws/credentials
epierce commented 1 year ago

419 fixes this