Colgaton closed 4 years ago
I took some time to look at this today. It appears that at some point/in some setups the input form element (`name="id-challenge"`) returns JSON, but it does not return JSON when using a YubiKey.
Redacted example:
```html
<input jsname="wCVnAe" name="id-challenge" type="hidden" value="<redacted>qLBl7hmVSRt3KzgRMzKaqkwn68XK2tD5JFeqxVDA4jLIxIo4/3dtIL/yrzzcyhZspU19def7AN9crpReSk0Xk53JGrLqdq1Oq6iFd+gdem4WXM+qMwuC7XU5hzpE5bnzD5+WJg6uvSZY/v0SODOhpT16rkq2U20GaZIQnUqpX2K34UrUaAqssmXpMsMa/2NhtkJ0W1ITzhcCx3ebxh2tdCQkJF5BB0ifxFVHF2WL1Sa7Hl3zQdVR8sjFOxvfHm7M7DoaQ4B5dtlZpzTTZ6WEA96lGy/nD4FfzcUyj/Q1CrFtak2aL7HrHg4qSmEH/ReYtEuYOGExuZ03UgVAVaRAwDKBoKlNSn8t3ZWUlCf/sYk2zUSm6E518YpRvlp8MQSmFV43pxzUA7IH4o/RV9NN7f8Qi2d7hlkBzhBywrdet4jn+PLeT1JHh1VU="/>
```
This value base64 decodes to binary which does not represent anything obvious to me. Without an understanding of how to decode/translate this challenge, which I am unfamiliar with, it is impossible to create the needed data for the u2f function calls to sign the challenge.
If anyone has any ideas?
I am seeing this same issue but using a Pixel 2 as the u2f device. So it's not just exclusive to YubiKey.
So I've worked through what was going on here. Short story: there is a PR that works for me - keen for feedback to see if this works for others: https://github.com/cevoaustralia/aws-google-auth/pull/136. See https://github.com/cevoaustralia/aws-google-auth/issues/128 for the longer story.
Hi @stevemac007, sorry to be a squeaky wheel about this; the latest version of @adcreare's PR 136 https://github.com/cevoaustralia/aws-google-auth/pull/136 seems to work for everybody now. Are you comfortable merging this in? I'm eager to roll this out to my users but need this fix in for them first. Thank you for everything!
Working fine for me as well.
Merged and released as part of v0.0.32.
I have the Google Titan key set up for MFA and I'm getting the following error. Any plan to support it?
```
ERROR:root:No JSON object could be decoded
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 72, in cli
    process_auth(args, config)
  File "/usr/lib/python2.7/site-packages/aws_google_auth/__init__.py", line 212, in process_auth
    google_client.do_login()
  File "/usr/lib/python2.7/site-packages/aws_google_auth/google.py", line 259, in do_login
    sess = self.handle_sk(sess)
  File "/usr/lib/python2.7/site-packages/aws_google_auth/google.py", line 364, in handle_sk
    challenges = json.loads(challenges_txt)
  File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
    raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
```
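The failure discussed in this thread, `json.loads` being called on an `id-challenge` value that is not JSON, shown as an added example; it is not code from the thread, from aws-google-auth, or from PR 136. The helper name `classify_challenge` and both sample pages are hypothetical, and the sample values are constructed rather than real Google challenges.

```python
import base64
import binascii
import json
from html.parser import HTMLParser


class _ChallengeInput(HTMLParser):
    """Collects the value attribute of <input name="id-challenge">."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "id-challenge":
            self.value = attrs.get("value")


def classify_challenge(page_html):
    """Return ("json", parsed) or ("opaque", raw_bytes); raise ValueError otherwise."""
    parser = _ChallengeInput()
    parser.feed(page_html)
    if parser.value is None:
        raise ValueError("no id-challenge input found in page")
    text = parser.value.strip()
    try:
        parsed = json.loads(text)
        if isinstance(parsed, (list, dict)):  # a bare number is not a challenge list
            return "json", parsed
    except ValueError:
        pass  # not JSON: fall through to the base64 check
    try:
        return "opaque", base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("id-challenge is neither JSON nor base64") from None


# Constructed sample pages (assumed shapes, not captured from Google).
JSON_PAGE = ('<input name="id-challenge" type="hidden" '
             'value="[{&quot;challenge&quot;: &quot;abc&quot;}]"/>')
OPAQUE_PAGE = ('<input name="id-challenge" type="hidden" '
               'value="3q2+7wABAgP//g=="/>')

if __name__ == "__main__":
    for page in (JSON_PAGE, OPAQUE_PAGE):
        print(*classify_challenge(page))
```

A caller that gets `"opaque"` back can stop with a clear message about an unsupported challenge format instead of surfacing the bare `ValueError` traceback.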