Skip to content

Commit

Permalink
OIE authorization code flow implementation with forced classic authen…
Browse files Browse the repository at this point in the history
…tication.

Chained Oktas that are a mix of OIE and classic has issues, SAML2 does not return an idx cookies.
  • Loading branch information
sevignyj committed Nov 14, 2023
1 parent 4333d94 commit d3e8b0d
Show file tree
Hide file tree
Showing 10 changed files with 663 additions and 181 deletions.
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ venv/
ENV/
env.bak/
venv.bak/
.vscode
.vscode/

# Spyder project settings
.spyderproject
Expand Down
2 changes: 1 addition & 1 deletion tokendito/__init__.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# vim: set filetype=python ts=4 sw=4
# -*- coding: utf-8 -*-
"""Tokendito module initialization."""
__version__ = "2.2.0"
__version__ = "2.3.0"
__title__ = "tokendito"
__description__ = "Get AWS STS tokens from Okta SSO"
__long_description_content_type__ = "text/markdown"
Expand Down
4 changes: 2 additions & 2 deletions tokendito/__main__.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,10 @@ def main(args=None): # needed for console script

path = os.path.dirname(os.path.dirname(__file__))
sys.path[0:0] = [path]
from tokendito.tool import cli
from tokendito.user import cmd_interface

try:
return cli(args)
return cmd_interface(args)
except KeyboardInterrupt:
print("\nInterrupted")
sys.exit(1)
Expand Down
9 changes: 1 addition & 8 deletions tokendito/aws.py
Original file line number Diff line number Diff line change
Expand Up @@ -47,30 +47,23 @@ def get_output_types():
return ["json", "text", "csv", "yaml", "yaml-stream"]


def authenticate_to_roles(config, urls, cookies=None):
def authenticate_to_roles(config, urls, cookies):
"""Authenticate AWS user with saml.
:param urls: list of tuples or tuple, with tiles info
:param cookies: html cookies
:param user_agent: optional user agent string
:return: response text
"""
if cookies:
HTTP_client.set_cookies(cookies) # Set cookies if provided

url_list = [urls] if isinstance(urls, tuple) else urls
responses = []
tile_count = len(url_list)
plural = "s" if tile_count > 1 else ""

logger.info(f"Discovering roles in {tile_count} tile{plural}.")
for url, label in url_list:
response = HTTP_client.get(url) # Use the HTTPClient's get method

session_url = config.okta["org"] + "/login/sessionCookieRedirect"
params = {"token": cookies.get("sessionToken"), "redirectUrl": url}

response = HTTP_client.get(session_url, params=params)

saml_response_string = response.text
Expand Down
1 change: 1 addition & 0 deletions tokendito/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ class Config(object):
password="",
mfa=None,
mfa_response=None,
client_id=None,
tile=None,
org=None,
device_token=None,
Expand Down
8 changes: 6 additions & 2 deletions tokendito/http_client.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,13 +26,16 @@ def set_cookies(self, cookies):
"""Update session with additional cookies."""
self.session.cookies.update(cookies)

def get(self, url, params=None, headers=None):
def get(self, url, params=None, headers=None, allow_redirects=True):
"""Perform a GET request."""
response = None
try:
logger.debug(f"GET to {url}")
logger.debug(f"Sending cookies: {self.session.cookies}")
logger.debug(f"Sending headers: {self.session.headers}")
response = self.session.get(url, params=params, headers=headers)
response = self.session.get(
url, params=params, headers=headers, allow_redirects=allow_redirects
)
response.raise_for_status()
logger.debug(f"Received response from {url}: {response.text}")
return response
Expand All @@ -51,6 +54,7 @@ def get(self, url, params=None, headers=None):

def post(self, url, data=None, json=None, headers=None, params=None, return_json=False):
"""Perform a POST request."""
logger.debug(f"POST to {url}")
try:
response = self.session.post(url, data=data, json=json, params=params, headers=headers)
response.raise_for_status()
Expand Down
Loading

0 comments on commit d3e8b0d

Please sign in to comment.