Accessing secrets when MFA is enabled

[divekarvinit]

Hello,

Version: 1.7.0
App: .Net 6 Web API

I am unable to use the extension when I have an MFA enabled.

I use the CredentialProfileStoreChain to get AWS credential the following wasy as shown in an example.

var chain = new Amazon.Runtime.CredentialManagement.CredentialProfileStoreChain();
_ = chain.TryGetProfile("nzp", out var prof);
var credentials = prof.GetAWSCredentials(prof.CredentialProfileStore);
builder.Configuration.AddSecretsManager(credentials: credentials, region:prof.Region, configurator: config =>
{
    config.KeyGenerator = (_, name) => name
        .Replace("__", ":");
});

I have a profile setup the following way.
.aws\config file

[default]

output = json

region = ap-southeast-2


[profile nzp]

source_profile = default

role_arn = arn:aws:iam::<account_id>:role/<role_name>

mfa_serial = arn:aws:iam::<account_id>:mfa/<user_id>

region = ap-southeast-2

I get following exception when secret manager is added.
Error calling AssumeRole for role arn:aws:iam::<account_id>:role/<role_name>

With inner exception as:
The MfaSerialNumber has been set but the MfaTokenCodeCallback hasn't. MfaTokenCodeCallback is required in order to determine the MfaTokenCode when MfaSerialNumber is set.

I tried following an example of getting an MFA. But unfortunately cannot use Console in Web API project.

[Kralizek]

Hi, sorry for the late answer.

I've never tested the library when MFA is enabled.

Could you please explain your use case?