Okta


Okta is a proprietary identity authentication service.

Documentation

api docs https://developer.okta.com/docs/reference/api/authn/
okta_authn_mfa.sh https://github.com/oktadeveloper/okta-cli-mfa-example/blob/master/okta_authn_mfa.sh

Tutorials

MFA on cli https://developer.okta.com/blog/2018/06/22/multi-factor-authentication-command-line

Authorization

Commandline

NOTE:

I was able to complete authentication, but never figured out how to access resources behind it... I'm guessing the token gets set as a header somewhere?

# install dependencies (Arch Linux)
sudo pacman -S bash jq
# inspired by: https://raw.githubusercontent.com/oktadeveloper/okta-cli-mfa-example/master/okta_authn_mfa.sh

USERNAME=foo
PASSWORD=bar
DOMAIN=xyz.okta.com

# primary authentication (username + password)
# the JSON body is built with jq so quotes in the password cannot break it
auth_reply=$(curl -s -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -d "$(jq -n --arg u "$USERNAME" --arg p "$PASSWORD" '{username: $u, password: $p}')" \
  "https://${DOMAIN}/api/v1/authn")

status=$(echo "$auth_reply" | jq -r '.status')

# when MFA is required the reply has status MFA_REQUIRED and a stateToken;
# a sessionToken only appears in a SUCCESS reply
if [[ "$status" == "MFA_REQUIRED" ]] ; then
  token=$(echo "$auth_reply" | jq -r '.stateToken')
  factortype=$(echo "$auth_reply" | jq -r '._embedded.factors[0].factorType')
  provider=$(echo "$auth_reply" | jq -r '._embedded.factors[0].provider')
  verify_url=$(echo "$auth_reply" | jq -r '._embedded.factors[0]._links.verify.href')

  echo "Please enter code from $provider auth app: "
  read -r code_from_auth_app
  if [[ "$factortype" == "token:software:totp" ]] ; then
    # second step: send the stateToken and the one-time passcode to the factor's verify URL
    verify_reply=$(curl -s -X POST \
      -H "Accept: application/json" \
      -H "Content-Type: application/json" \
      -d "$(jq -n --arg s "$token" --arg c "$code_from_auth_app" '{stateToken: $s, passCode: $c}')" \
      "${verify_url}")
    status=$(echo "$verify_reply" | jq -r '.status')
    token=$(echo "$verify_reply" | jq -r '.sessionToken')

    # my understanding is that here you are "logged in"
    # .. still uncertain how to access underlying resources (ex: slack) ..
  else
    # ... other factortypes (see apidocs) ...
    echo "unsupported factor type: $factortype" >&2
  fi
fi
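
An added example, not part of the original notes or of Okta's sample script: a helper that decides the next step from the `/api/v1/authn` reply. It selects the TOTP factor by type instead of assuming it is `factors[0]`, and refuses a verify URL outside the expected domain. The function name `authn_next_step`, its output format and the sample reply are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide the next step from an /api/v1/authn reply (JSON on stdin).
# $1 is the Okta domain the verify URL must belong to.
# Prints "SESSION <sessionToken>", "VERIFY <stateToken> <url>" or "ERROR <reason>".
authn_next_step() {
  reply=$(cat)
  status=$(printf '%s' "$reply" | jq -r '.status // empty' 2>/dev/null) || status=""
  case "$status" in
    SUCCESS)
      printf 'SESSION %s\n' "$(printf '%s' "$reply" | jq -r '.sessionToken')" ;;
    MFA_REQUIRED)
      # Pick the TOTP factor by type; it is not guaranteed to be factors[0].
      url=$(printf '%s' "$reply" | jq -r '
        [._embedded.factors[]? | select(.factorType == "token:software:totp")][0]
        | ._links.verify.href // empty')
      case "$url" in
        "") echo 'ERROR no TOTP factor in reply'; return 1 ;;
        "https://$1/"*) ;;  # passcode only goes to the expected host over TLS
        *) echo 'ERROR verify URL is outside the expected domain'; return 1 ;;
      esac
      printf 'VERIFY %s %s\n' "$(printf '%s' "$reply" | jq -r '.stateToken')" "$url" ;;
    "") echo 'ERROR reply has no status (not JSON, or an error object)'; return 1 ;;
    *)  echo "ERROR unhandled status: $status"; return 1 ;;
  esac
}

# Constructed sample reply: a push factor is listed first, TOTP second.
SAMPLE_MFA='{"status":"MFA_REQUIRED","stateToken":"constructedStateToken",
 "_embedded":{"factors":[
  {"factorType":"push","provider":"OKTA","_links":{"verify":
   {"href":"https://xyz.okta.com/api/v1/authn/factors/CONSTRUCTED_PUSH/verify"}}},
  {"factorType":"token:software:totp","provider":"GOOGLE","_links":{"verify":
   {"href":"https://xyz.okta.com/api/v1/authn/factors/CONSTRUCTED_TOTP/verify"}}}]}}'

printf '%s' "$SAMPLE_MFA" | authn_next_step xyz.okta.com
```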