diff --git a/go.mod b/go.mod index e20b624..a733b2b 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/aws/aws-sdk-go v1.44.94 github.com/cenkalti/backoff/v4 v4.1.3 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 + github.com/google/uuid v1.1.2 github.com/logrusorgru/aurora v2.0.3+incompatible github.com/mattn/go-isatty v0.0.16 github.com/mdp/qrterminal v1.0.1 diff --git a/go.sum b/go.sum index e1940e8..5f6370b 100644 --- a/go.sum +++ b/go.sum @@ -129,6 +129,7 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= +github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= diff --git a/internal/m2mauth/m2mauth.go b/internal/m2mauth/m2mauth.go index 5840a3e..b135de5 100644 --- a/internal/m2mauth/m2mauth.go +++ b/internal/m2mauth/m2mauth.go @@ -33,6 +33,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/sts" + "github.com/google/uuid" oaws "github.com/okta/okta-aws-cli/internal/aws" "github.com/okta/okta-aws-cli/internal/config" "github.com/okta/okta-aws-cli/internal/exec" @@ -209,6 +210,7 @@ func (m *M2MAuthentication) makeClientAssertion() (string, error) { Expiry: jwt.NewNumericDate(now.Add(time.Hour * time.Duration(1))), Issuer: m.config.OIDCAppID(), Audience: tokenRequestURL, + ID: uuid.New().String(), } jwtBuilder := jwt.Signed(privateKeySinger).Claims(claims)