[Bug] Okta MFA Verification requirement coming up each time command is run

[pranav-bhatt]

Each time I run gimme-aws-creds, the Okta MFA Verification is required by me each time I run the command. It's quite an inconvenience, and I'm not sure what changed. This issue started occurring just a few weeks ago, and I haven't made any account changes in the past few months.

Expected Behavior

In the past, it would remember that I have performed MFA already, and would remain authenticated at least for a few hours.

Current Behavior

I have to perform MFA each time I run the command. Okta doesn't remember that I've already authenticated. The same issue doesn't happen with my browser, where Okta remembers that I've logged in (even after I close and reopen within a few hours).

Your Environment

• App Version used: 2.7.2
• Environment name and version: Macbook Pro M1
• Operating System and version: macOS 13.4

[pranav-bhatt]

The -m flag has no effect

[anukrati1507]

I am facing the same issue. The flag seems to be not working as expected.

[pranav-bhatt]

@epierce any idea about this? If you need any extra info, I'll be happy to provide the same :)

[epierce]

Have you run gimme-aws-creds --register-device? That will set the device_token value that will be sent to Okta in the DT token. The -m flag doesn't do anything without the device token.

[pranav-bhatt]

Yes I have tried with that flag but it still asks for MFA each time 😞

Another thing I noticed is that my device shows up as 'Unrecognised Device' each time now in the MFA prompt. Earlier is used to show up as 'Mac OS...' or something similar.

[kylefuhrmanncalm]

Adding on here: If I don't have device_token in the config file, using -m for me appropriately confirms that I registered a new device, and no longer has Unrecognized Device on my Okta Verify prompt, but it does still ask me to verify each login.

So it seems in my example, it's appropriately at least recognizing that its sending the device token.