Unable to have multiple open sessions
Because the credential caching in ~/.okta-aws/credentials is not namespaced by profile you cannot have 2 sessions to different accounts open in 2 separate terminal windows. When you attempt to open the 2nd session it sees the credentials file and if those haven't expired it just puts them in your environment without checking that they are for the requested account.
Are you asking to namespace cached credentials by Okta appUrl? The data in the .credentials file is namespaced by account. Here's my file with credentials & stuff removed:
{
  "__oktad_base_credentials": {
    "Creds": {
      "AccessKeyID": "",
      "SecretAccessKey": "",
      "SessionToken": "",
      "ProviderName": "StaticProvider"
    },
    "Expiration": ""
  },
  "production": {
    "Creds": {
      "AccessKeyID": "",
      "SecretAccessKey": "",
      "SessionToken": "",
      "ProviderName": "StaticProvider"
    },
    "Expiration": ""
  },
  "development": {
    "Creds": {
      "AccessKeyID": "",
      "SecretAccessKey": "",
      "SessionToken": "",
      "ProviderName": "StaticProvider"
    },
    "Expiration": ""
  }
}
Also, I was able to run two commands like these simultaneously for those two profiles in two different terminal windows:
$ oktad production aws ec2 describe-instances
$ oktad development -- aws s3 cp --recursive s3://copy-from-some/nested/location
You may have uncovered a bug in how that file works, though.
So I bet the issue is when the 2nd connection is using the default account. I am running
oktad production -- /bin/bash
then ending up with the same credentials when I run this in a separate terminal
oktad -- /bin/bash
So I bet it's not namespacing the initial account properly.
Ah, ok. I'll give that a shot sometime this morning and fix. Probably not choosing a profile properly when credentials are cached.
On Jun 10, 2016, at 8:30 AM, James Huston wrote:
So I bet the issue is when the 2nd connection is using the default account. I am running
oktad production -- /bin/bash
then ending up with the same credentials when I run this in a separate terminal
oktad -- /bin/bash
So I bet it's not namespacing the initial account properly.
I've tried this on my machine with v0.6.0, and I'm not able to reproduce it. I'll stop by in person and look into what you're seeing.
More specifically, I ran oktad aws ec2 describe-instances and oktad production -- aws ec2 describe-instances with cached credentials simultaneously and all seemed to be well insofar as I could tell that it's using different sets of credentials.
Isn't this issue stale now that #15 has been merged? At least when checking on my Mac's keychain I can see that credentials are correctly namespaced.
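The cache behaviour discussed in this thread, as an added example that is not oktad's code and not part of any comment: a read of the cache file format shown above that returns credentials only for the exact profile requested, including the no-profile case, and only while they are unexpired. The `Lookup` function, the `default` key name and the sample data are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Entry mirrors one per-profile object in the cache file shown in the thread.
type Entry struct {
	Creds struct {
		AccessKeyID, SecretAccessKey, SessionToken string
	}
	Expiration time.Time
}

// DefaultKey is a hypothetical cache key for runs with no profile argument.
const DefaultKey = "default"

var ErrCacheMiss = errors.New("no unexpired cached credentials for this profile")

// Lookup returns a cached entry only when it is stored under the requested
// profile and has not expired; it never falls back to another profile's entry.
func Lookup(raw []byte, profile string, now time.Time) (*Entry, error) {
	cache := map[string]Entry{}
	if err := json.Unmarshal(raw, &cache); err != nil {
		return nil, fmt.Errorf("parse cache: %w", err)
	}
	if profile == "" {
		profile = DefaultKey
	}
	e, ok := cache[profile]
	if !ok || !now.Before(e.Expiration) {
		return nil, ErrCacheMiss // caller must authenticate again
	}
	return &e, nil
}

// Sample is constructed data: only "production" is cached, values are fake.
const Sample = `{"production": {"Creds": {"AccessKeyID": "EXAMPLE-PROD-KEY",
 "SecretAccessKey": "x", "SessionToken": "y", "ProviderName": "StaticProvider"},
 "Expiration": "2016-06-10T13:00:00Z"}}`

func main() {
	now := time.Date(2016, 6, 10, 12, 30, 0, 0, time.UTC)
	for _, p := range []string{"production", ""} {
		e, err := Lookup([]byte(Sample), p, now)
		fmt.Printf("profile=%q hit=%v err=%v\n", p, e != nil, err)
	}
}
```

With only production credentials cached, a run with no profile gets a cache miss instead of the production keys.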