How to use the tokendito.helpers.select_preferred_mfa_index function in tokendito
To help you get started, we’ve selected a few tokendito examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
dowjones / tokendito / tokendito / okta_helpers.py View on Github 
d['status'] for d in mfa_options if 'status' in d and d['status'] != "ACTIVE"]
if len(mfa_setup_statuses) == len(mfa_options):
logging.error("MFA not configured. "
"Please enable MFA on your account and try again.")
sys.exit(2)
preset_mfa = settings.mfa_method
available_mfas = [d['factorType'] for d in mfa_options]
if preset_mfa is not None and preset_mfa in available_mfas:
mfa_index = available_mfas.index(settings.mfa_method)
else:
logging.warning(
"No MFA provided or provided MFA does not exist. [{}]".format(
settings.mfa_method))
mfa_index = helpers.select_preferred_mfa_index(mfa_options)
# time to challenge the mfa option
selected_mfa_option = mfa_options[mfa_index]
logging.debug("Selected MFA is [{}]".format(selected_mfa_option))
mfa_challenge_url = selected_mfa_option['_links']['verify']['href']
payload = helpers.prepare_payload(stateToken=primary_auth['stateToken'],
factorType=selected_mfa_option['factorType'],
provider=selected_mfa_option['provider'],
profile=selected_mfa_option['profile'])
selected_factor = okta_verify_api_method(
mfa_challenge_url, payload, headers)
mfa_provider = selected_factor["_embedded"]["factor"]["provider"].lower()
logging.debug("MFA Challenge URL: [{}] headers: {}".format(:param selected_okta_factor: Duo factor information retrieved from Okta.
:return payload: required payload for Okta callback
:return headers: required headers for Okta callback
"""
try:
duo_info = prepare_duo_info(selected_okta_factor)
except KeyError as missing_key:
logging.error(
"There was an issue parsing the Okta factor."
" Please try again. \n{}".format(missing_key))
sys.exit(1)
# Collect devices, factors, auth params for Duo
duo_info, duo_auth_response = get_duo_sid(duo_info)
factor_options = get_duo_devices(duo_auth_response)
mfa_index = helpers.select_preferred_mfa_index(
factor_options, factor_key="factor", subfactor_key="device")
mfa_option = factor_options[mfa_index]
logging.debug("Selected MFA is [{}]".format(mfa_option))
passcode = set_passcode(mfa_option)
txid = duo_mfa_challenge(duo_info, mfa_option, passcode)
verify_mfa = duo_mfa_verify(duo_info, txid)
# Make factor callback to Duo
sig_response = duo_factor_callback(duo_info, verify_mfa)
# Prepare for Okta callback
payload = helpers.prepare_payload(id=duo_info["factor_id"],
sig_response=sig_response,
stateToken=duo_info["state_token"])
Popular tokendito functions
- tokendito.aws_helpers.authenticate_to_roles
- tokendito.aws_helpers.ensure_keys_work
- tokendito.aws_helpers.select_assumeable_role
- tokendito.duo_helpers.authenticate_duo
- tokendito.helpers
- tokendito.helpers.get_input
- tokendito.helpers.prepare_payload
- tokendito.helpers.select_preferred_mfa_index
- tokendito.settings
- tokendito.settings.aws_shared_credentials_file
- tokendito.settings.config_dir
- tokendito.settings.encoding
- tokendito.settings.mfa_response
- tokendito.settings.okta_aws_app_url
- tokendito.settings.okta_password
- tokendito.settings.okta_profile
- tokendito.settings.okta_username
- tokendito.settings.role_arn
- tokendito.tool.cli