okta-awscli crashes upon authentication failure after a change in required MFA methods in Okta #198

Open
konatacarneiro opened this issue Jun 29, 2022 · 0 comments

konatacarneiro commented Jun 29, 2022

Describe the bug
When a change including a new required MFA factor in Okta is pushed to users, okta-awscli crashes when trying to obtain the session cookie in okta_auth.py::OktaAuth.get_session().

Some investigation showed that the /api/v1/sessions request was returning an HTTP 401 Unauthorized status with the error code "E0000004: Authentication exception".

The crash seems to happen because Okta is accepting the login credentials, but refusing to accept any API calls until the user logs onto the Okta web page and enrolls into the newly-added required MFA factor. After performing the enrollment, the crashes disappear.

To Reproduce
Steps to reproduce the behavior:

  1. Have a preexisting user in Okta
  2. Have a change be pushed to Okta configuration that adds a new required MFA factor
  3. Try to obtain credentials using okta-awscli - a crash will happen after entering the password and performing MFA authentication.

Expected behavior
okta-awscli should return a clear message stating that the server denied the request to obtain the session cookie, and instructing the user to log off of Okta's web page, log back in and follow the instructions shown on the screen (if any) to restore access to their Okta account.

Output
Cannot reproduce the behavior anymore as I've already enrolled into the newly added MFA factor in my Okta account

Environment (please complete the following information):

  • OS: Windows 10
  • Version of okta-awscli you're running: 0.5.4

Additional context
N/A
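
One way a client could turn the 401 described in this issue into a readable error instead of a crash, as an added Python example (not okta-awscli's own code). `parse_session_response`, `OktaSessionError` and the sample bodies are hypothetical, and the success reply is assumed to carry the session id in an `id` field.

```python
import json


class OktaSessionError(Exception):
    """Raised when Okta refuses to issue a session (hypothetical name)."""


# Guidance text follows the issue's "Expected behavior" section.
ENROLLMENT_HINT = (
    "Okta denied the request to obtain the session cookie. Log off of Okta's "
    "web page, log back in and follow any instructions shown on the screen "
    "(for example enrolling in a newly required MFA factor), then retry."
)

# Constructed sample bodies, not captured from a real Okta tenant.
SAMPLE_DENIED = '{"errorCode": "E0000004", "errorSummary": "Authentication exception"}'
SAMPLE_OK = '{"id": "constructed-session-id"}'


def parse_session_response(status_code, body_text):
    """Return the session id from a /api/v1/sessions reply, or raise
    OktaSessionError with a readable message."""
    try:
        body = json.loads(body_text) if body_text else {}
    except ValueError:
        body = {}  # proxy error pages and similar non-JSON bodies
    if not isinstance(body, dict):
        body = {}

    # The case from the issue: credentials and MFA accepted, session refused.
    if status_code == 401 and body.get("errorCode") == "E0000004":
        raise OktaSessionError(f"HTTP 401 E0000004: {ENROLLMENT_HINT}")
    if status_code >= 400:
        code = body.get("errorCode", "unknown")
        summary = body.get("errorSummary", "no error summary returned")
        raise OktaSessionError(f"HTTP {status_code} {code}: {summary}")

    session_id = body.get("id")  # assumed field name for the session id
    if not session_id:
        raise OktaSessionError("Okta response did not contain a session id.")
    return session_id


if __name__ == "__main__":
    try:
        parse_session_response(401, SAMPLE_DENIED)
    except OktaSessionError as exc:
        print(exc)
```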
