Giter Club home page Giter Club logo

okta-login-again's Introduction

Okta Login Wrapper - Again

This is a continuation of OktaLoginWrapper that supports MFA that has a confirmation number. The original is archived on GH. The main purpose is to support this kind of login in zdeskcfg.

Provide an easy way for your scripts to access ressources behind an Okta SSO solution, without the need for an API token.

Prerequisite

  • Python 3
  • An Okta account

Installing

Install it with:

pip install okta-login-again

Getting Started

~WARNING~ Currently the script only works if you have "push", "secret question" or "software token" enabled as MFA.

April 2024 - forked to add support for number based confirmation, which I think is considered a challenge question and answer. I'm not sure what else that supports or what is left to support. It might work with challenge questions too.

The main goal of this script is to help you login to an application using SSO with Okta, without requiring any API token.

As part of another scripts, it allows you to have an okta_session object from where you can connect to all application assigned to you in Okta.

Start by importing the module and instantiate an OktaSession object with your Okta instance/organization name.

from oktaloginagain import OktaLoginWrapper as OLW

my_session = OLW.OktaSession(okta_instance) #Where okta_instance is https://<okta_instance>.okta.com

Then, depending on the type of multi-factor you want to use, you can do as follow

  • Most Basic use with push notification (default). You have 60 seconds to approve the connection on your phone.

    >>>  my_session.okta_auth(
...    username='<your_username>',
...    password='<your_password>',
...  )

59 seconds remaining before timeout.
57 seconds remaining before timeout.
55 seconds remaining before timeout.
'You are now logged in.'

  • Connect using the secret question.

    • You can provide the answer directly during authentication. this will log you straight in. 
      >>>  my_session.okta_auth(
...    username='<your_username>',
...    password='<your_password>',
...    answer='<your_answer>'
...  )

'You are now logged in.'
    • Or using the interactive way by providing the factor_type. You will be prompted to enter the answer. 
      >>>  my_session.okta_auth(
...    username='<your_username>',
...    password='<your_password>',
...    factor_type='question'
...  )

What was your dream job as a child >? <your_answer>
'You are now logged in.'

  • Connect using a software token. (Currently not tested with hardware token)

    • You can provide the passCode directly during authentication. this will log you straight in. 
      >>>  my_session.okta_auth(
...    username='<your_username>',
...    password='<your_password>',
...    passCode='<your_passCode>'
...  )

'You are now logged in.'
    • Or using the interactive way by providing the factor_type. You will be prompted to enter the passCode. 
      >>>  my_session.okta_auth(
...    username='<your_username>',
...    password='<your_password>',
...    factor_type='token'
...  )

Please type in your OTP: >? <your_passCode>
'You are now logged in.'

  • Connect to an app assigned to you.

    • You need to know the "embedded" link of the app you want to log into and pass it as an argument of connect_to(). 
      my_app = my_session.connect_to(<your_app_url>)

    Alternatively, you can use the provided method app_list() to retrieve the list of apps assigned to you along with their url and connect from there.

    >>> my_apps = my_session.app_list()

>>> my_app = None
>>> app_name = <your_app_name>
>>> for app in my_apps:
...     if app.get('label') == app_name:
...         my_app = my_session.connect_to(app.get('linkUrl'))

>>> if not my_app:
...     print("You do not have {} assigned in Okta.".format(app_name))
    • You can also use the method connect_from_appslist() to get an interactive way to select you app and connect to it.
    >>> my_app = my_session.connect_from_appslist()

app name: >? Slack
0 - Slack
1 - Slack-dev
Please select the app to connect to: >? 0

  • Then simply close the session when you're done.

    my_session.okta_session.close()

It can also be executed but this is mainly a proof of concept as it just print the raw content. I will probably remove that part at some point in the future.

Built With

  • Requests - Python HTTP Requests for Humans
  • lxml - The lxml XML toolkit for Python

License

This project is licensed under the MIT License - see the LICENSE.md file for details

okta-login-again's People

Contributors

b-souty avatar fprimex avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.