You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
After upgrading to MacOS Sonoma 14.5, and okta-awscli 0.5.5_1 (via brew), authentication in the shell failed due to no push notification received on the Okta Verify device. Authentication in (multiple) browser was working correctly, no issues.
To Reproduce
Steps to reproduce the behavior:
start with a working config :)
Update MacOS Sonoma 14.5 and brew installation of okta-awscli
try to authenticate: okta-awscli -f -o myprofile
everything appears to be normal, even in -v and -d modes, but the push notification is never received
Expected behavior
push notification should be recieved on device, accepted and the auth completed
Output
[me@mac]:~ $ okta-awscli -d -f -o myprofile
DEBUG - Setting AWS role to arn:aws:iam::NNNNNNNNNNN:role/AWS-0000-US-SRE
DEBUG - Setting AWS partition to AwsPartition.AWS
DEBUG - Setting AWS profile to mycompany
DEBUG - Setting MFA factor to OKTA
INFO - App Link set as: https://mycompany.okta.com/home/amazon_aws/0oa5i8luhspwd2KvRxxxxxxxxx
INFO - Authenticating to: mycompany.okta.com
INFO - Authenticating as: fname.lname@mycompany.com
Enter password:
INFO - Using pre-selected factor choice from ~/.okta-aws
INFO - Performing secondary authentication using: OKTA
DEBUG - {'id': 'opff89gnuyby4D0jP5d7', 'factorType': 'push', 'provider': 'OKTA', 'vendorName': 'OKTA', 'profile': {'credentialId': 'fname.lname@mycompany.com', 'deviceType': 'SmartPhone_Android', 'keys': [{'kty': 'RSA', 'use': 'sig', 'kid': 'default', 'jwkType': 'proofOfPossession', 'e': 'AQAB\n', 'n': 'AMuROUAsrZWhgzRyRkSe10zjG8M_TU58fLqMEOyCGAKzeCeG0uuPahYEtlXG3bDZl_1FDCYW3-iu\nvXdgDbysCa2Qdc8wfEK88gxwRk0g030maUstU4a2cn1VU5HCCB16Qc0jEKOvNNL6qMXQDEqKfQWb\nUOX-K-C0YIUIk_4u6aEDVmbLaNr_FXXXXXXXXXXXXXXXX_fxRjZA_RUxWDDA8xZDie\nlvR3pEPXDoLEgpLCJXXXXXXXIq8L0U9KNbGgJdIu_wfsJ-P_e_Ym17aiSF_sqN_L6-Ns_S7jSMa\nuCcBqFSs6Gq2WSqjtwMldnEbI0Ux2LqJsxlpaFM=\n'}], 'name': 'InfiniteParrot', 'platform': 'ANDROID', 'version': '14:2024-02-01'}, '_links': {'verify': {'href': 'https://mycompany.okta.com/api/v1/authn/factors/opff89gnuyby4xxxxxxx/verify', 'hints': {'allow': ['POST']}}}}
Waiting for push verification...
^C
Aborted!
[me@mac]:~ $
Environment (please complete the following information):
OS: MacOS Sonoma 14.5
0.5.5 (techincally it is 0.5.5_1, but can only see that from brew dir path)
Additional context
I had switched phones about 4 months prior to this, and had no issues at all. So I actually had two phones that had been registered with Okta Verify app. This was not causing any issue until the updates. After this, it appears that the sort-order of the two devices changed. The original device was called 'InfiniteParrot' and the second, in-use device was called 'Redrobin'. After the update, while in browser okta auth was find and send push to the desired 'RedRobin' device, from okta-awscli, the push was going to the unused device 'InfiniteParrot'. I suspect that the old code sorted by registration-date, and the new code sorts alphabetically by name or something like that. After I deleted the unused device from my account, then okta-awscli worked fine, but there is only one device.
What would be nice is if the okta-awscli would support a cli opt to specify the verify device in some way at the command line.
But in any case, something changed in this code that broke my auth in this case.
The text was updated successfully, but these errors were encountered:
Describe the bug
After upgrading to MacOS Sonoma 14.5, and okta-awscli 0.5.5_1 (via brew), authentication in the shell failed due to no push notification received on the Okta Verify device. Authentication in (multiple) browser was working correctly, no issues.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
push notification should be recieved on device, accepted and the auth completed
Output
Environment (please complete the following information):
Additional context
I had switched phones about 4 months prior to this, and had no issues at all. So I actually had two phones that had been registered with Okta Verify app. This was not causing any issue until the updates. After this, it appears that the sort-order of the two devices changed. The original device was called 'InfiniteParrot' and the second, in-use device was called 'Redrobin'. After the update, while in browser okta auth was find and send push to the desired 'RedRobin' device, from okta-awscli, the push was going to the unused device 'InfiniteParrot'. I suspect that the old code sorted by registration-date, and the new code sorts alphabetically by name or something like that. After I deleted the unused device from my account, then okta-awscli worked fine, but there is only one device.
What would be nice is if the okta-awscli would support a cli opt to specify the verify device in some way at the command line.
But in any case, something changed in this code that broke my auth in this case.
The text was updated successfully, but these errors were encountered: