Nike-Inc / gimme-aws-creds

A CLI that utilizes Okta IdP via SAML to acquire temporary AWS credentials
Apache License 2.0

400 Client Error: Bad Request for url https://trial-888888.okta.com/oauth2/v1/token #441

Closed maisam94 closed 6 months ago

maisam94 commented 8 months ago

"Device not activated. Your device cannot be activated because of an internal error" when running the following command: ./gimme-aws-creds

The following is the configuration file:

okta_org_url = https://trial-888888.okta.com
okta_auth_server = default
client_id = 0.....7
gimme_creds_server = https://trial-888888.okta.com/home/amazon_aws/0....7/272
aws_appname =
aws_rolename =
write_aws_creds = True
cred_profile = role
okta_username =
app_url =
resolve_aws_alias = True
include_path = False
preferred_mfa_type =
remember_device = n
aws_default_duration = 43200
output_format =
force_classic = False
open_browser = True


epierce commented 8 months ago

Do you see any errors in the Okta logs? That error message is not getting generated by gimme-aws-creds, so it must be coming back from Okta.

maisam94 commented 8 months ago

The error in the Okta logs is "[FAILURE]: user_not_assigned". After I assigned the application to my username, I retried running ./gimme-aws-creds and got the following Okta response: "Device activated. Follow the instructions on your device for next steps".

But on my device I got an error from gimme-aws-creds:

Authentication Success! Calling Gimme-Creds Server...
Traceback (most recent call last):
  File "/Users/maisammarjieh/.virtualenvs/TheFloor/lib/python3.8/site-packages/requests/models.py", line 971, in json
    return complexjson.loads(self.text, **kwargs)
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/__init__.py", line 357, in loads
    return _default_decoder.decode(s)
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

epierce commented 8 months ago

Your configuration is incorrect. You should have: gimme_creds_server = appurl and app_url = https://trial-888888.okta.com/home/amazon_aws/0....7/272

That will request the SAML login for that Okta app after initial authentication.
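An added example, not part of the thread or of the gimme-aws-creds code base: a small linter for the misconfiguration diagnosed above, where an Okta app link sits in gimme_creds_server and app_url is left empty. It assumes the config is an INI file with a [DEFAULT] profile; the sample values and the function names lint_profile and lint_config are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample configs (placeholder values, not taken from the issue).
BROKEN = """\
[DEFAULT]
okta_org_url = https://example.okta.com
gimme_creds_server = https://example.okta.com/home/amazon_aws/APP_ID_PLACEHOLDER/272
app_url =
"""
FIXED = """\
[DEFAULT]
okta_org_url = https://example.okta.com
gimme_creds_server = appurl
app_url = https://example.okta.com/home/amazon_aws/APP_ID_PLACEHOLDER/272
"""


def lint_profile(profile):
    """Return a list of findings for one profile (a mapping of key -> value)."""
    findings = []
    server = profile.get("gimme_creds_server", "").strip()
    app_url = profile.get("app_url", "").strip()
    org_host = urlparse(profile.get("okta_org_url", "").strip()).hostname
    if server == "appurl":
        if not app_url:
            findings.append("gimme_creds_server = appurl but app_url is empty")
    elif server not in ("", "internal"):
        parsed = urlparse(server)
        # A link under /home/ on the Okta org is an app link, not a creds
        # server: it will not return the JSON the tool tries to decode.
        if org_host and parsed.hostname == org_host and parsed.path.startswith("/home/"):
            findings.append(
                "gimme_creds_server holds an Okta app link; use 'appurl' and set app_url")
    return findings


def lint_config(text):
    """Lint every profile in the config text; returns {profile: findings}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    names = ["DEFAULT"] + parser.sections()
    return {name: lint_profile(parser[name]) for name in names}


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_config(text))
```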