M2M auth access token request

README.md

@@ -427,6 +427,8 @@ These settings are optional unless marked otherwise:
 
 | Name | Description | Command line flag | ENV var and .env file value |
 |-----|-----|-----|-----|
+| Custom Authorization Server ID (**required**) | The ID of the Okta custom authorization server | `--authz-id [value]` | `OKTA_AUTHZ_ID` |
+| Key ID (kid) (**required**) | The ID of the key stored in the service app | `--key-id [value]` | `OKTA_AWSCLI_KEY_ID` |
 | Private Key (**required**) | PEM or JWKS format private key whose public key is stored on the service app | `--private-key [value]` | `OKTA_AWSCLI_PRIVATE_KEY` |
 | Custom scope name | The custom scope established in the custom authorization server. Default `okta-aws-cli` | `--custom-scope [value]` | `OKTA_AWSCLI_CUSTOM_SCOPE` |
 

cmd/root/m2m/m2m.go

@@ -17,17 +17,22 @@
 package m2m
 
 import (
-	"fmt"
-	"os"
-
 	"github.com/spf13/cobra"
 
 	"github.com/okta/okta-aws-cli/internal/config"
 	cliFlag "github.com/okta/okta-aws-cli/internal/flag"
+	"github.com/okta/okta-aws-cli/internal/m2mauth"
 )
 
 var (
 	flags = []cliFlag.Flag{
+		{
+			Name:   config.KeyIDFlag,
+			Short:  "i",
+			Value:  "",
+			Usage:  "Key ID",
+			EnvVar: config.KeyIDEnvVar,
+		},
 		{
 			Name:   config.PrivateKeyFlag,
 			Short:  "k",
@@ -42,8 +47,15 @@ var (
 			Usage:  "Custom Scope",
 			EnvVar: config.CustomScopeEnvVar,
 		},
+		{
+			Name:   config.AuthzIDFlag,
+			Short:  "u",
+			Value:  "",
+			Usage:  "Custom Authorization Server ID",
+			EnvVar: config.AuthzIDEnvVar,
+		},
 	}
-	requiredFlags = []string{"org-domain", "oidc-client-id", "aws-iam-role", "private-key"}
+	requiredFlags = []string{"org-domain", "oidc-client-id", "aws-iam-role", "key-id", "private-key", "authz-id"}
 )
 
 // NewM2MCommand Sets up the m2m cobra sub command
@@ -61,14 +73,11 @@ func NewM2MCommand() *cobra.Command {
 				return err
 			}
 
-			fmt.Fprintf(os.Stderr, "WIP - m2m, get to work!\n")
-			fmt.Fprintf(os.Stderr, "Okta Org Domain: %s\n", config.OrgDomain())
-			fmt.Fprintf(os.Stderr, "OIDC Client ID: %s\n", config.OIDCAppID())
-			fmt.Fprintf(os.Stderr, "IAM Role ARN: %s\n", config.AWSIAMRole())
-			fmt.Fprintf(os.Stderr, "Private Key: %s\n", config.PrivateKey())
-			fmt.Fprintf(os.Stderr, "Custom Scope: %s\n", config.CustomScope())
-
-			return nil
+			m2mAuth, err := m2mauth.NewM2MAuthentication(config)
+			if err != nil {
+				return err
+			}
+			return m2mAuth.EstablishIAMCredentials()
 		},
 	}
 

cmd/root/web/web.go

@@ -73,6 +73,13 @@ func NewWebCommand() *cobra.Command {
 				return err
 			}
 
+			// TODO refactor the naming convention
+			// webAuth, err := webauth.NewWebSSOAuthentication(config)
+			// if err != nil {
+			// 	return err
+			// }
+			// return webAuth.EstablishIAMCredentials()
+
 			st, err := sessiontoken.NewSessionToken(config)
 			if err != nil {
 				return err

go.mod

@@ -17,10 +17,14 @@ require (
 	github.com/tidwall/pretty v1.2.0
 	golang.org/x/net v0.7.0
 	golang.org/x/sys v0.5.0
+	gopkg.in/dnaeon/go-vcr.v3 v3.1.2
 	gopkg.in/ini.v1 v1.67.0
+	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v2 v2.4.0
 )
 
+require golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
+
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect

go.sum

@@ -234,6 +234,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
+golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -523,9 +525,13 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/dnaeon/go-vcr.v3 v3.1.2 h1:F1smfXBqQqwpVifDfUBQG6zzaGjzT+EnVZakrOdr5wA=
+gopkg.in/dnaeon/go-vcr.v3 v3.1.2/go.mod h1:2IMOnnlx9I6u9x+YBsM3tAMx6AlOxnJ0pWxQAzZ79Ag=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
+gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=