99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments


[Feature] Ability to control SSO browser opening separately from `--stdout` option

moltar opened this issue · comments


Use case: I have a helper script that opens a new Firefox container for each profile, thereby allowing multiple sessions at the same time.

This script uses the -s option to get the session URL and then pipes the output into the firefox-container script.

However, I am not running the script from the terminal. It runs inside an Alfred Workflow, which does not print the output anywhere, so I cannot see the SSO login link.

This used to work fine in <@6.6.1, and it broke when #892 was introduced.

In my use case opening the browser for SSO was necessary, and then all of the session URLs I wanted to go into STDOUT to be captured into a variable.

Here's my script:

```sh
AWS_PROFILE=$1
AWS_LOGIN_URL=$(/usr/local/bin/aws-vault login -s "$AWS_PROFILE")

"$HOME/bin/firefox-container" --name "aws-$AWS_PROFILE" --orange --fingerprint "$AWS_LOGIN_URL"
```

It now breaks because the SSO login URL is piped into STDERR and is no longer opening the browser.

```
❯ ./launch.sh profile-name
+ AWS_PROFILE=profile-name
++ /usr/local/bin/aws-vault login -s profile-name
Open the SSO authorization page in a browser (use Ctrl-C to abort)
https://device.sso.region.amazonaws.com/?user_code=XYZ-XYZ
```

Relevant issues:

I am having the same problem. I was capturing the SSO login URL with the `av login -s` command and using it to open multiple Brave browser windows for different AWS accounts. It stopped working after the 6.6.1 upgrade.
I think PR #892 broke more things than it resolved.
If, instead of opening the default browser, just the login URL is required, introduce a new option `-a` (get SSO authorization URL) and keep the `-s` functionality the same as before in the previous version.

So effectively PR #892 broke the logic: running `aws-vault login -s` with SSO profiles first gives you an authorization link for the device, which opens the default browser (usually the default browser is the one where you are most likely to be signed in with your SSO identity provider), so you sign in, and it gives you the console URL and doesn't open another tab in the default browser. You can capture the URL (due to the `-s` flag) and use it in another browser like Brave or Vivaldi etc.

@moltar @mtibben

Reverted in v6.6.2

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.


Stale not
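
Added example, not part of the thread and not aws-vault code: under the 6.6.1 behaviour reported above (SSO authorization prompt on stderr, session URL on stdout), a POSIX shell wrapper can read stderr through a FIFO while the login command is still blocked, hand the first URL line to an opener, and leave stdout for `$(...)` to capture. The names `open_sso_then_capture` and `fake_login`, the `signin.example.invalid` URL, and the use of macOS `open` as the opener are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not aws-vault code. Function names are hypothetical.

# Constructed stand-in for `aws-vault login -s` as reported for 6.6.1:
# prompt and device URL on stderr, console sign-in URL on stdout.
fake_login() {
    echo "Open the SSO authorization page in a browser (use Ctrl-C to abort)" >&2
    echo "https://device.sso.region.amazonaws.com/?user_code=XYZ-XYZ" >&2
    sleep 1  # the real command blocks here until the device is authorized
    echo "https://signin.example.invalid/federation?SigninToken=CONSTRUCTED"
}

# Usage: open_sso_then_capture OPENER COMMAND [ARGS...]
# Runs COMMAND with stdout untouched (so $(...) captures only the session
# URL), streams its stderr through a FIFO, and passes the first line that
# starts with https:// to OPENER while COMMAND is still waiting.
open_sso_then_capture() (
    opener=$1; shift
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    mkfifo "$dir/err" || exit 1

    "$@" 2>"$dir/err" &
    pid=$!

    opened=
    while IFS= read -r line; do
        printf '%s\n' "$line" >&2   # keep the prompt visible if a terminal exists
        case $line in
            https://*)
                if [ -z "$opened" ]; then
                    # The opener's own output must not pollute captured stdout.
                    "$opener" "$line" >&2 || echo "opener failed: $opener" >&2
                    opened=1
                fi ;;
        esac
    done <"$dir/err"

    rc=0
    wait "$pid" || rc=$?
    exit "$rc"
)

# In the script from the issue this would be (macOS `open` assumed as opener):
#   AWS_LOGIN_URL=$(open_sso_then_capture open /usr/local/bin/aws-vault login -s "$AWS_PROFILE")
```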