Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0
930 stars 262 forks

400 Client Error: Bad Request for url https://trial-888888.okta.com/oauth2/v1/token #441

Closed maisam94 closed 10 months ago

maisam94 commented 1 year ago

Device not activated
Your device cannot be activated because of an internal error

when running the following command: ./gimme-aws-creds

The following is the configuration file:

okta_org_url = https://trial-888888.okta.com
okta_auth_server = default
client_id = 0.....7
gimme_creds_server = https://trial-888888.okta.com/home/amazon_aws/0....7/272
aws_appname =
aws_rolename =
write_aws_creds = True
cred_profile = role
okta_username =
app_url =
resolve_aws_alias = True
include_path = False
preferred_mfa_type =
remember_device = n
aws_default_duration = 43200
output_format =
force_classic = False
open_browser = True

epierce commented 12 months ago

Do you see any errors in the Okta logs? That error message is not getting generated by gimme-aws-creds, so it must be coming back from Okta.

maisam94 commented 11 months ago

The error in the Okta logs is "[FAILURE]: user_not_assigned". After I assigned the application to my username, I retried running ./gimme-aws-creds and got the following Okta response:

Device activated
Follow the instructions on your device for next steps

But on my device I got an error from gimme-aws-creds:

Authentication Success! Calling Gimme-Creds Server...
Traceback (most recent call last):
  File "/Users/maisammarjieh/.virtualenvs/TheFloor/lib/python3.8/site-packages/requests/models.py", line 971, in json
    return complexjson.loads(self.text, **kwargs)
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

epierce commented 11 months ago

Your configuration is incorrect. You should have:

gimme_creds_server = appurl
app_url = https://trial-888888.okta.com/home/amazon_aws/0....7/272

That will request the SAML login for that Okta app after initial authentication.
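
The misconfiguration resolved in this thread can be caught before the tool runs. The following is an added example, not part of the issue or of gimme-aws-creds itself: a small lint that flags an Okta app link placed in gimme_creds_server instead of app_url. The function name `lint_profile`, the `[DEFAULT]` section header, the `APP_ID` placeholder and the https checks are assumptions of this example.

```python
import configparser
from urllib.parse import urlparse

# Constructed samples modelled on the configuration in the issue; the
# [DEFAULT] header and APP_ID are placeholders, not values from the page.
BROKEN = """\
[DEFAULT]
okta_org_url = https://trial-888888.okta.com
gimme_creds_server = https://trial-888888.okta.com/home/amazon_aws/APP_ID/272
app_url =
"""
FIXED = """\
[DEFAULT]
okta_org_url = https://trial-888888.okta.com
gimme_creds_server = appurl
app_url = https://trial-888888.okta.com/home/amazon_aws/APP_ID/272
"""

KEYWORDS = {"appurl", "internal"}  # non-URL values of gimme_creds_server


def lint_profile(text, profile="DEFAULT"):
    """Return a list of findings for one profile of the config text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    conf = parser[profile]
    server = conf.get("gimme_creds_server", "").strip()
    app_url = conf.get("app_url", "").strip()
    org_host = urlparse(conf.get("okta_org_url", "").strip()).hostname
    findings = []

    if server.lower() == "appurl":
        # appurl mode takes the Okta app link from app_url.
        if not app_url:
            findings.append("appurl mode needs app_url")
        elif urlparse(app_url).scheme != "https":
            findings.append("app_url is not an https URL")
    elif server.lower() not in KEYWORDS:
        target = urlparse(server)
        if target.scheme != "https":
            findings.append("gimme_creds_server is not a keyword or https URL")
        elif target.hostname == org_host and target.path.startswith("/home/"):
            # In the issue, the reply from this kind of URL was not JSON.
            findings.append("gimme_creds_server is an Okta app link; "
                            "set it to appurl and put the link in app_url")
    return findings


if __name__ == "__main__":
    print(lint_profile(BROKEN), lint_profile(FIXED))
```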