feat: configurable totp time

README.md

@@ -33,6 +33,10 @@ It also masks the actual values in the logs for added security.
 - `okta_app_url` can be obtained by right clicking the Okta tile for you AWS account. This setup allows for federated login to different AWS accounts.
 - `okta_password` & `okta_mfa_seed` can be set via environment variables `${{ env.OKTA_MFA_SEED }}` although it is not recommended to do so as it can leak secrets. Github repo secrets are the easiest way but if you manage secrets via some other mechanism, you can also use them - these are just normal inputs, you can pass them anything.
 
+## Options
+
+For a list of options and their descriptions, check out `action.yml`.
+
 ## Can I use this
 
 You can use this if you're doing **all** of this:

action.yml

@@ -7,7 +7,7 @@ inputs:
   okta_username:
     description: "Username of your Okta login (usually your email)"
     required: true
-  okta_passowrd:
+  okta_password:
     description: "Password of your Okta login"
     required: true
   okta_app_url:
@@ -20,9 +20,13 @@ inputs:
     description: "Okta MFA Method (https://developer.okta.com/docs/reference/api/factors/)"
     required: false
     default: "token:software:totp"
+  totp_time_slot:
+    description: "Time slot (in seconds) for which OTP is valid"
+    required: false
+    default: 10
 runs:
   using: "docker"
   image: "Dockerfile"
 branding:
-  icon: 'unlock'  
-  color: 'orange'
+  icon: "unlock"
+  color: "orange"

entrypoint.sh

@@ -8,16 +8,16 @@ config="${awsDir}/config"
 credentials="${awsDir}/credentials"
 
 mkdir -p "${awsDir}"
-echo -e "[profile default]\noutput = json" >> "$config"
+echo -e "[profile default]\noutput = json" >>"$config"
 
 # Attempt to get aws credentials via tokendito
 max_attempts=10
-totp_time=30
-for ((attempts = 1; attempts <= $max_attempts ; attempts++)); do
+totp_time=${INPUT_TOTP_TIME_SLOT:=10}
+for ((attempts = 1; attempts <= $max_attempts; attempts++)); do
     tokendito --aws-profile default -ou $INPUT_OKTA_APP_URL -R $INPUT_AWS_ROLE_ARN \
         --username $INPUT_OKTA_USERNAME --password $INPUT_OKTA_PASSWORD \
         --mfa-method ${INPUT_OKTA_MFA_METHOD:=token:software:totp} \
-        --mfa-response $(echo $INPUT_OKTA_MFA_SEED | mintotp ${totp_time}) >> /dev/null
+        --mfa-response $(echo $INPUT_OKTA_MFA_SEED | mintotp ${totp_time}) >>/dev/null
 
     if [[ $? == 0 ]]; then
         echo "Succeeded getting credentials in attempt #${attempts}."
@@ -29,7 +29,7 @@ for ((attempts = 1; attempts <= $max_attempts ; attempts++)); do
     sleep ${totp_time}
 done
 
-if [[ $attempts == $((max_attempts+1)) ]]; then
+if [[ $attempts == $((max_attempts + 1)) ]]; then
     echo "Giving up requesting credentials after ${max_attempts} attempts."
     exit 1
 fi
@@ -63,4 +63,4 @@ while read -r line; do
             echo "::add-mask::${aws_session_token}"
         fi
     fi
-done < "$credentials"
+done <"$credentials"