Closed snambi closed 1 year ago
It looks like your domain has been migrated to Okta Identity Engine. Have you configured your domain to work with gimme-aws-creds (https://github.com/Nike-Inc/gimme-aws-creds#using-gimme-aws-creds-with-okta-identity-engine)?
@epierce Yes, I found that our domain is migrated to Okta Identity Engine. Thanks for the pointer.
We just encountered the same problem in our organization when we migrated to OIE. The README section was useful, thanks!
I do have a question about this though:
When using gimme-aws-creds with an OIE domain, you will authenticate using your browser. Storing credentials in keychain or passing MFA codes through the command-line is NOT POSSIBLE.
Why is it no longer possible to use push notifications, keychain, and MFA codes?
Okta is requiring the use of the Device Authorization Flow in OIE, which happens in the browser. Since you have to authenticate in the browser, you won't be able to cache the password to your device's keychain or pass the MFA code using the --mfa-code parameter.
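The client side of the Device Authorization Flow (RFC 8628) mentioned above, as an added example that is not code from gimme-aws-creds or Okta: the CLI only ever holds a device code and polls for tokens, so there is no password or MFA code for it to cache or accept. `FakeAuthServer`, `device_login`, the `idp.example` URL and all code values are constructed for illustration.

```python
GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class FakeAuthServer:
    """In-memory stand-in for the authorization server (constructed, not Okta's API)."""
    def __init__(self, script):
        self.script = iter(script)   # scripted token-endpoint answers
        self.seen = []               # every token request the client sent

    def device_authorize(self, client_id):
        # Fields defined by RFC 8628 section 3.2; values are constructed.
        return {"device_code": "DEV-constructed", "user_code": "ABCD-EFGH",
                "verification_uri": "https://idp.example/activate",
                "expires_in": 30, "interval": 5}

    def token(self, form):
        self.seen.append(dict(form))
        return next(self.script)

def device_login(server, client_id, sleep, show):
    """Start the flow, hand the user to the browser, then poll for tokens."""
    grant = server.device_authorize(client_id)
    show(f"Open {grant['verification_uri']} and enter {grant['user_code']}")
    interval, waited = grant.get("interval", 5), 0
    while waited < grant["expires_in"]:
        sleep(interval)
        waited += interval
        # The only secret the CLI sends is the device code it was just given.
        reply = server.token({"grant_type": GRANT, "client_id": client_id,
                              "device_code": grant["device_code"]})
        error = reply.get("error")
        if error is None:
            return reply                  # tokens issued after browser sign-in
        if error == "slow_down":
            interval += 5                 # RFC 8628 section 3.5: back off by 5 s
        elif error != "authorization_pending":
            raise PermissionError(error)  # access_denied, expired_token, ...
    raise TimeoutError("device code expired before the user finished signing in")
```

Password entry and MFA happen on the page at `verification_uri`, between the user and the identity provider; the polling loop only learns the outcome.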
Expected Behavior
A simple invocation is expected to create the $HOME/.aws/credentials file.
Current Behavior
Fails with error.