Getting authorization error when AWS Fed application assignment type is Group

[nsharma-fy]

Getting error which authorizing with a user with Group assignment in AWS Fed Okta Application

It works fine with an user which has Individual assignment. Tried converting Group to Individual and it worked for the same user

Expected Behavior

AWS keys should be generated after Okta MFA

Current Behavior

Getting Below error when running gimme-aws-creds

The system web browser will open the following URL to begin Okta device authorization:

https://org-name.oktapreview.com/activate?user_code=XWSJVWFP
..
(after authorizing) 
..
Traceback (most recent call last):
 vac File "/Users/nsharma/tmphome/venv/bin/gimme-aws-creds", line 17, in <module>
    GimmeAWSCreds().run()
    ~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 453, in run
    self._run()
    ~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 876, in _run
    for data in self.iter_selected_aws_credentials():
                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 845, in iter_selected_aws_credentials
    aws_results = executor.map(generate_credentials_prepare_data, self.aws_selected_roles)
                                                                  ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 727, in aws_selected_roles
    selected_roles = self._get_selected_roles(self.requested_roles, self.aws_roles)
                                                                    ^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 718, in aws_roles
    self.saml_data['SAMLResponse'],
    ^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/main.py", line 709, in saml_data
    self._cache['saml_data'] = saml_data = self.okta.get_saml_response(self.aws_app['links']['appLink'], self.auth_session)
                                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/okta_identity_engine.py", line 167, in get_saml_response
    web_sso_token = self._web_sso_token_exchange(app_id, auth_session['access_token'], auth_session['id_token'])
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/gimme_aws_creds/okta_identity_engine.py", line 160, in _web_sso_token_exchange
    response.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/Users/nsharma/tmphome/venv/lib/python3.13/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 400 Client Error: Bad Request for url: https://org-name.oktapreview.com/oauth2/v1/token

Possible Solution

N/A

Steps to Reproduce (for bugs)

~/.okta_aws_login_config file contents

[DEFAULT]
okta_org_url = https://org-name.oktapreview.com
okta_auth_server =
client_id = <client_id>
gimme_creds_server = appurl
aws_appname =
aws_rolename = <role arn>
write_aws_creds = True
cred_profile = role
app_url = <app url>
resolve_aws_alias = False
include_path = False
preferred_mfa_type =
remember_device = n
aws_default_duration = 3600
output_format =
force_classic = False
open_browser = True
enable_keychain = y

Context

Your Environment

• App Version used: gimme-aws-creds
• Environment name and version: 2.8.2
• Operating System and version: Mac OS X Darwin Kernel Version 24.1.0