Getting authorization error when AWS Fed application assignment type is Group  #482

@nsharma-fy

Description

Getting an error when authorizing with a user that has a Group assignment in the AWS Fed Okta application.

It works fine with a user who has an Individual assignment. Tried converting the assignment from Group to Individual, and it worked for the same user.

Expected Behavior

AWS keys should be generated after Okta MFA

Current Behavior

Getting the below error when running gimme-aws-creds


The system web browser will open the following URL to begin Okta device authorization:

https://org-name.oktapreview.com/activate?user_code=XWSJVWFP
..
(after authorizing) 
..
Traceback (most recent call last):
  File "/Users/nsharma/tmphome/venv/bin/gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
    ~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 453, in run
    self._run()
    ~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 876, in _run
    for data in self.iter_selected_aws_credentials():
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 845, in iter_selected_aws_credentials
    aws_results = executor.map(generate_credentials_prepare_data, self.aws_selected_roles)
                                                                  ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 727, in aws_selected_roles
    selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles)
                                                                    ^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 718, in aws_roles
    self.saml_data['SAMLResponse'],
    ^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 709, in saml_data
    self._cache['saml_data'] = saml_data = self.okta.get_saml_response(self.aws_app['links']['appLink'], self.auth_session)
                                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/okta_identity_engine.py", line 167, in get_saml_response
    web_sso_token = self._web_sso_token_exchange(app_id, auth_session['access_token'], auth_session['id_token'])
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/okta_identity_engine.py", line 160, in _web_sso_token_exchange
    response.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://org-name.oktapreview.com/oauth2/v1/token

Possible Solution

N/A

Steps to Reproduce (for bugs)

~/.okta_aws_login_config file contents


[DEFAULT]
okta_org_url = https://org-name.oktapreview.com
okta_auth_server =
client_id = <client_id>
gimme_creds_server = appurl
aws_appname =
aws_rolename = <role arn>
write_aws_creds = True
cred_profile = role
app_url = <app url>
resolve_aws_alias = False
include_path = False
preferred_mfa_type =
remember_device = n
aws_default_duration = 3600
output_format =
force_classic = False
open_browser = True
enable_keychain = y

Context

Your Environment

  • App Version used: gimme-aws-creds
  • Environment name and version: 2.8.2
  • Operating System and version: Mac OS X Darwin Kernel Version 24.1.0
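The traceback ends in response.raise_for_status(), which throws away the JSON body that the Okta token endpoint returns alongside a 400. That body normally carries an RFC 6749 error / error_description pair, and that pair is what says why the web SSO token exchange was refused (assignment, audience, grant, and so on). The following is an added diagnostic example, not gimme-aws-creds' own code: it builds the same kind of token-exchange request the traceback shows (form fields per Okta's documented web SSO token exchange), decodes the error body on failure, and accepts an injected session so it can be exercised offline. The function names, the WebSsoExchangeError class, and the sample error bodies are this example's own assumptions.

```python
"""Surface the OAuth error body behind a 400 from /oauth2/v1/token.

Added example, not part of gimme-aws-creds.  Names (build_web_sso_exchange_form,
describe_token_error, web_sso_token_exchange, WebSsoExchangeError) are assumed
for illustration; the form fields follow Okta's documented token exchange for a
web SSO token (RFC 8693 style), which is what the traceback's
_web_sso_token_exchange step performs.
"""
import json

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
WEB_SSO_TOKEN_TYPE = "urn:okta:oauth:token-type:web_sso_token"


def build_web_sso_exchange_form(client_id, app_id, access_token, id_token):
    """Form body for POST {org}/oauth2/v1/token requesting a web SSO token.

    The audience names the Okta app whose SAML assertion is ultimately wanted;
    a problem with the user's assignment to that app is one reason the
    exchange can be refused.
    """
    return {
        "client_id": client_id,
        "grant_type": TOKEN_EXCHANGE_GRANT,
        "actor_token": access_token,
        "actor_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "subject_token": id_token,
        "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
        "requested_token_type": WEB_SSO_TOKEN_TYPE,
        "audience": f"urn:okta:apps:{app_id}",
    }


def describe_token_error(status_code, body_text):
    """Render an OAuth 2.0 token-endpoint error (RFC 6749 section 5.2) readably.

    Falls back to a truncated raw body when the response is not JSON, so a
    proxy or HTML error page is still visible instead of being swallowed.
    """
    try:
        body = json.loads(body_text)
    except ValueError:
        return (f"HTTP {status_code} from token endpoint, non-JSON body: "
                f"{body_text[:200]!r}")
    error = body.get("error", "unknown_error")
    description = body.get("error_description")
    if description:
        return f"HTTP {status_code} from token endpoint: {error}: {description}"
    return f"HTTP {status_code} from token endpoint: {error}"


class WebSsoExchangeError(RuntimeError):
    """Raised with the decoded token-endpoint error instead of a bare HTTPError."""


def web_sso_token_exchange(org_url, client_id, app_id, access_token, id_token,
                           session=None):
    """Exchange an OIDC access/id token pair for an Okta web SSO token.

    `session` only needs a requests-compatible .post(); pass a stub to run
    offline.  Returns the issued token, which RFC 8693 places in the
    `access_token` field of the token-exchange response.
    """
    if session is None:
        import requests  # only needed for a real call; a stub avoids it
        session = requests.Session()
    resp = session.post(
        f"{org_url.rstrip('/')}/oauth2/v1/token",
        data=build_web_sso_exchange_form(client_id, app_id, access_token, id_token),
        headers={"Accept": "application/json"},
    )
    if resp.status_code != 200:
        # This is the point where raise_for_status() loses the useful detail.
        raise WebSsoExchangeError(describe_token_error(resp.status_code, resp.text))
    return resp.json()["access_token"]
```

Running the exchange this way for the Group-assigned user turns the opaque "400 Client Error: Bad Request" into the endpoint's own error code and description, which is the first thing to compare between the Group-assigned and Individually-assigned runs.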
