Closed vkatsikaros closed 4 years ago
I had the same problem. Turns out, i had a G-Suite and a normal Google account with the same email address, and it was prompting, which one i wanted to use. After i removed the private account, it worked like a charm.
There is a save-failure-html
flag that should do the same thing as what you needed to to do manually. This helps in tracking down the changes that Google make to their SSO workflow given this integration is working on reverse engineering the webpage flows.
--save-failure-html Write HTML failure responses to file for
troubleshooting.
Does this trap and collect the information the same way you did?
There is a
save-failure-html
flag that should do the same thing
Thanks @stevemac007! I learned it the hard way, but eventually i figured out there was a flag for it.
Thanks @stevemac007 I hadn't noticed!
Hello
I think I ran into an additional google response than #52 #3 #90 .
I run aws-agoogle-auth from within an EC2 instance, that is my "workstation" and I get this. At the same time with the same google password aws-google-auth works from my laptop
print(sess.url)
at https://github.com/cevoaustralia/aws-google-auth/blob/165e8636cdf58d2691c38fe67028ffdbb174aeb4/aws_google_auth/google.py#L279print(response_page)
at https://github.com/cevoaustralia/aws-google-auth/blob/165e8636cdf58d2691c38fe67028ffdbb174aeb4/aws_google_auth/google.py#L488The sess url was https://accounts.google.com/signin/challenge/az/2?continue=https%3A%2F%2Faccounts.google.com%2Fo%2Fsaml2%2Finitsso%3Fidpid%3D123123%26spid%3D123123%26forceauthn%3Dfalse%26from_login%3D1%26as%3D123123%26authuser%3Dunknown&sarp=1&scc=1&checkedDomains=youtube&pstMsg=0&TL=123123 (I replaced the IDs with "123123")
And the response from google![aws-google-auth](https://user-images.githubusercontent.com/1138992/63338985-8e123700-c34c-11e9-8bb4-778c77a88a44.png)
I then used SOCKS/Firefox, opened the page using my EC2 instance as a proxy and completed the verification process.
After I completed the verification process, I could use aws-google-auth as expected. I managed to find the solution to the problem but the issue was quite obscure and debugging required quite a lot of effort (for example I first tried to find out if my python/pip setup matched my laptop's one). I am not sure if aws-google-auth can handle the phone verification from the command line. An improvement would be to show a more informative message to the user and provide the html verification page without a lot of fuzz.