Okta login made easy from the command line without API token
Project description
Okta Login Wrapper
Provide an easy way for your scripts to access ressources behind an Okta SSO solution, without the need for an API token.
Prerequisite
- Python 3
- An Okta account
Installing
oktaloginwrapper is now available on Pypi. Simply install it with:
pip install oktaloginwrapper
Getting Started
~WARNING~ Currently the script only works if you have "push", "secret question" or "software token" enabled as MFA.
The main goal of this script is to help you login to an application using SSO with Okta, without requiring any API token.
As part of another scripts, it allows you to have an okta_session object from where you can connect to all application assigned to you in Okta.
Start by importing the module and instantiate an OktaSession object with your Okta instance/organization name.
from oktaloginwrapper import OktaLoginWrapper as OLW
my_session = OLW.OktaSession(okta_instance) #Where okta_instance is https://<okta_instance>.okta.com
Then, depending on the type of multi-factor you want to use, you can do as follow
-
Most Basic use with push notification (default). You have 60 seconds to approve the connection on your phone.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... ) 59 seconds remaining before timeout. 57 seconds remaining before timeout. 55 seconds remaining before timeout. 'You are now logged in.'
-
Connect using the secret question.
- You can provide the answer directly during authentication. this will log you straight in.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... answer='<your_answer>' ... ) 'You are now logged in.'
- Or using the interactive way by providing the factor_type. You will be prompted to enter the answer.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... factor_type='question' ... ) What was your dream job as a child >? <your_answer> 'You are now logged in.'
- You can provide the answer directly during authentication. this will log you straight in.
-
Connect using a software token. (Currently not tested with hardware token)
- You can provide the passCode directly during authentication. this will log you straight in.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... passCode='<your_passCode>' ... ) 'You are now logged in.'
- Or using the interactive way by providing the factor_type. You will be prompted to enter the passCode.
>>> my_session.okta_auth( ... username='<your_username>', ... password='<your_password>', ... factor_type='token' ... ) Please type in your OTP: >? <your_passCode> 'You are now logged in.'
- You can provide the passCode directly during authentication. this will log you straight in.
-
Connect to an app assigned to you.
- You need to know the "embedded" link of the app you want to log into and pass it as an argument of connect_to().
my_app = my_session.connect_to(<your_app_url>)
Alternatively, you can use the provided method app_list() to retrieve the list of apps assigned to you along with their url and connect from there.
>>> my_apps = my_session.app_list() >>> my_app = None >>> app_name = <your_app_name> >>> for app in my_apps: ... if app.get('label') == app_name: ... my_app = my_session.connect_to(app.get('linkUrl')) >>> if not my_app: ... print("You do not have {} assigned in Okta.".format(app_name))
- You can also use the method connect_from_appslist() to get an interactive way to select you app and connect to it.
>>> my_app = my_session.connect_from_appslist() app name: >? Slack 0 - Slack 1 - Slack-dev Please select the app to connect to: >? 0
- You need to know the "embedded" link of the app you want to log into and pass it as an argument of connect_to().
-
Then simply close the session when you're done.
my_session.okta_session.close()
It can also be executed but this is mainly a proof of concept as it just print the raw content. I will probably remove that part at some point in the future.
Built With
License
This project is licensed under the MIT License - see the LICENSE.md file for details
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for oktaloginwrapper-0.2.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 23fe28df9cc70148a2c1c63b5380807a912205a56bd4f8c212eff2a46af6d157 |
|
MD5 | 72bbf257750abe888ff04dcae06ce86c |
|
BLAKE2b-256 | 6bc662b5c82a30f0d58929754c9578466b4c2554a4d551ffc61eb9c7a932066c |