Add a skip_browser argument to make auto-launching of the default browser optional #182
Conversation
This change allows a user to opt-out of the auto-launching of their default browser which may already have a logged in OIDC session. Since SSO can be a bit tricky to logout/switch users, this provides the user an escape option for more careful handling of the login attempt. Primary use-case is Firefox Containers or users using separate browser profiles to manage multiple logins.
|
I think this looks pretty good and is a useful option. WDYT @austingebauer ? |
There was a problem hiding this comment.
Thanks, @dekimsey! This is a nice option. Left a couple of comments, but things are looking good.
Also, thanks for opening up the docs PR over in Vault 👍
Added a comment regarding the implemented interface
Additionally update internal representation and logic of argument to match
There was a problem hiding this comment.
@dekimsey - One more update to the CLI help text is needed. Otherwise, I tested this out and everything looks good 👍 Thanks again for this contribution.
|
@austingebauer we should also update https://www.vaultproject.io/docs/auth/jwt#oidc-login-cli afterwards |
|
@calvn - The author has already provided a PR for the docs update: hashicorp/vault#12833. Will review and get that merged too. |
minor: Fix whitespacing on the other options to be consistent
dekimsey
changed the title
|
Should I do the squash/rebase or is that done as part of the merge process? |
There was a problem hiding this comment.
@dekimsey - The squash is handled when merging, so you don't need to do it. I'll take care of merging this and getting it into a Vault release. Thanks again for the contribution!
Overview
This change allows a user to opt-out of the auto-launching of their
default browser which may already have a logged in OIDC session. Since
SSO can be a bit tricky to logout/switch users, this provides the user
an escape option for more careful handling of the login attempt.
Primary use-case is Firefox Containers or users using separate browser
profiles to manage multiple logins. If one has an existing SSO session in their default browser,
it becomes impossible to get the vault CLI to login to another session.
Design of Change
A command line flag was added to allow users to opt-out.
Related Issues/Pull Requests
None
Contributor Checklist
[x] hashicorp/vault#12833
[ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[x] Backwards compatible
NOTE I was unable to test the change, I could not find any docs on how to test the client side changes here. If I could get some instruction/direction on how to do that, I'd be happy to confirm it works as intended.