
A cli tool and authorization proxy for using the AWS CLI (boto) with OpenId Connect (OIDC)


federated-boto

CLI application that handles federated authentication for AWS users

Sequence diagram

Prerequisites

  • An OIDC provider like Auth0
  • A well-known openid-configuration URL
  • An Auth0 application created
    • Type: Native
    • Allowed Callback URLs: the list of localhost URLs built from the POSSIBLE_PORTS list of ports
    • The client_id for this application will be used in the CLI config file
  • An AWS Identity provider
    • with an audience value of the Auth0 application client_id
    • with a valid thumbprint

Instructions

Create a config

cp config.yaml.inc config.yaml

  • well_known_url: The OpenID Connect Discovery Endpoint URL. (Auth0)
  • client_id: The Auth0 client_id generated when the Auth0 application was created in the prerequisites
  • scope: A space-delimited list of OpenID Connect scopes: openid plus the scope under which access control information is made available. Mozilla SSO would use openid https://sso.mozilla.com/claim/groups

Run the tool

python federated_boto/cli.py --role-arn arn:aws:iam::123456789012:role/example-role
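The pieces that the config and the run step above rely on, as an added example in standard-library Python that is not federated-boto's own code: pick a loopback port from POSSIBLE_PORTS (every resulting http://localhost:PORT/ URL must be on the application's Allowed Callback URLs list), build the authorization request from the discovery document, and check the returned ID token's issuer, audience (must equal the client_id, which is also the audience on the AWS identity provider), nonce and expiry before it is passed to STS AssumeRoleWithWebIdentity for the --role-arn. The discovery document, port list and token claims below are constructed stand-ins; signature verification of the token against the provider's JWKS is assumed to be done by a JWT library beforehand.

```python
import base64
import hashlib
import os
import socket
import time
from urllib.parse import urlencode

# Constructed stand-in for the document fetched from well_known_url; only the
# fields this flow needs are present.
DISCOVERY_DOC = {
    "issuer": "https://example.auth0.com/",
    "authorization_endpoint": "https://example.auth0.com/authorize",
    "token_endpoint": "https://example.auth0.com/oauth/token",
}

# Hypothetical candidate ports; each http://localhost:<port>/ must be an
# Allowed Callback URL on the Auth0 application.
POSSIBLE_PORTS = [10800, 10801, 10802]


def pick_free_port(ports=POSSIBLE_PORTS):
    """Return the first allow-listed port that can be bound on loopback."""
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            try:
                s.bind(("127.0.0.1", port))
            except OSError:
                continue  # in use; try the next registered port
            return port
    raise RuntimeError("no port from POSSIBLE_PORTS is free")


def redirect_uri(port):
    return "http://localhost:%d/" % port


def pkce_pair():
    """PKCE code_verifier and its S256 code_challenge (RFC 7636)."""
    verifier = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode()).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorization_url(discovery, client_id, scope, port, state, nonce, challenge):
    """Authorization-code request the user's browser is sent to."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri(port),
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return discovery["authorization_endpoint"] + "?" + urlencode(params)


def check_id_token_claims(claims, discovery, client_id, nonce, now=None):
    """Checks on an already signature-verified ID token payload before it is
    handed to STS. Returns a list of problems; empty means acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != discovery["issuer"]:
        problems.append("issuer mismatch")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:
        problems.append("audience does not contain client_id")
    if claims.get("nonce") != nonce:
        problems.append("nonce mismatch")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def assume_role_params(role_arn, id_token, session_name):
    """Keyword arguments for boto3's sts.assume_role_with_web_identity."""
    return {
        "RoleArn": role_arn,
        "WebIdentityToken": id_token,
        "RoleSessionName": session_name,
    }


if __name__ == "__main__":
    port = pick_free_port()
    verifier, challenge = pkce_pair()
    state, nonce = os.urandom(16).hex(), os.urandom(16).hex()
    print(build_authorization_url(DISCOVERY_DOC, "CLIENT_ID_PLACEHOLDER",
                                  "openid https://sso.mozilla.com/claim/groups",
                                  port, state, nonce, challenge))
```

The state value must be compared against the one returned on the localhost callback, and the nonce against the claim inside the ID token; an audience that does not match the client_id is exactly the case the AWS identity provider rejects, so it is cheaper to refuse it locally.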

Notes

  • https://community.auth0.com/t/custom-claims-without-namespace/10999
  • https://community.auth0.com/t/how-to-set-audience-for-aws-iam-identity-provider-configuration/12951
