Fix keyring when using two different okta URLs with same username but different passwords

[ldeflandre]

Description

Creating PR on behalf of @ChaseWagoner that has perfectly describes the issue in #263 and come up with this change.

Related Issue

#263

Motivation and Context

I have one account in each of two Okta orgs (org1 and org2). The accounts have identical usernames (e.g. cwagoner), but unique passwords.

I configured a profile for each org, using e.g. https://org1.okta.com and https://org2.okta.com.

$ gimme-aws-creds --profile org1 and opt to save the password in the keyring. Keyring result (keys taken from macOS's Keychain Access):

Kind: application password
Account: cwagoner
Where: gimme-aws-creds

$ gimme-aws-creds --profile org2 output:

Using password from keyring for cwagoner
Stored password is invalid, clearing.  Please try again
LOGIN ERROR: Authentication failed | Error Code: E0000004

Undesirable results:

The password for cwagoner in org1 has been removed from the keyring; it must be entered again next time I use that profile.
If I run the second command again and enter the correct org2 password, I'll simply face the same issue the next time I try to use profile org1

How Has This Been Tested?

Using two okta profiles with same username but different okta_url, passwords for each profile are now correctly stored and used in a dedicated keyring entry.

> gimme-aws-creds --profile int
Using password from keyring for ldeflandre
Saving <role> as <aws_int_profile>
Written profile <aws_int_profile> to /Users/ldeflandre/.aws/credentials


> gimme-aws-creds --profile ext
Using password from keyring for ldeflandre
Multi-factor Authentication required.
Okta Verify App: SmartPhone_Android: <device> selected
Okta Verify push sent...
Saving <role> as <aws_ext_profile>
Written profile <aws_ext_profile> to /Users/ldeflandre/.aws/credentials

After upgrade previously stored password is invalidated.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[epierce]

What platforms have you tested this on? It works fine on macOS, but I want to make sure that the keyring handles the new username format on Windows

[ldeflandre]

We have tested it only on MacOS also. I don’t have other machines at hands sorry.

uname -a

Darwin C02ZNG1HMD6P 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:17:10 PDT 2022; root:xnu-8020.140.49~2/RELEASE_X86_64 x86_64 From: Eric Pierce ***@***.***> Date: Wednesday, 23 November 2022 at 19:20 To: Nike-Inc/gimme-aws-creds ***@***.***> Cc: Louis Deflandre ***@***.***>, Author ***@***.***> Subject: [EXTERNAL] Re: [Nike-Inc/gimme-aws-creds] Fix keyring when using two different okta URLs with same username but different passwords (PR #357) What platforms have you tested this on? It works fine on macOS, but I want to make sure that the keyring handles the new username format on Windows — Reply to this email directly, view it on GitHub<https://urldefense.com/v3/__https:/github.com/Nike-Inc/gimme-aws-creds/pull/357*issuecomment-1325483835__;Iw!!JqsUqw!yusW4bDG6ZfQs31R-VznHWZdDiYiaD1T5jtsmCEF384Pf7YyaOxptyVPBlPJuBkH1KvfWmmp7ksxbwbdH-9ArMs$>, or unsubscribe<https://urldefense.com/v3/__https:/github.com/notifications/unsubscribe-auth/ABUJLYYXHIAZYVOH54BG7YTWJZN7RANCNFSM52EX4W2Q__;!!JqsUqw!yusW4bDG6ZfQs31R-VznHWZdDiYiaD1T5jtsmCEF384Pf7YyaOxptyVPBlPJuBkH1KvfWmmp7ksxbwbd7F__G88$>. You are receiving this because you authored the thread.Message ID: ***@***.***>

…

________________________________ *EXTERNAL MESSAGE WARNING: This email originated from outside of Cornerstone. Do not click links or open attachments unless you recognize the sender and know the content is safe. Please see this wiki for more information on email safety: https://wiki.cornerstoneondemand.com/display/ISS/Security+Awareness This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed and may contain confidential and/or privileged information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this message, or any attachment, is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete the message, together with any attachments, from your computer. Thank you for your cooperation.