-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a skip_browser argument to make auto-launching of the default browser optional #182
Add a skip_browser argument to make auto-launching of the default browser optional #182
Conversation
This change allows a user to opt-out of the auto-launching of their default browser which may already have a logged in OIDC session. Since SSO can be a bit tricky to logout/switch users, this provides the user an escape option for more careful handling of the login attempt. Primary use-case is Firefox Containers or users using separate browser profiles to manage multiple logins.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! This is a pain point for me too, and I was just about to work on implementing this.
I think this looks pretty good and is a useful option. WDYT @austingebauer ? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @dekimsey! This is a nice option. Left a couple of comments, but things are looking good.
Also, thanks for opening up the docs PR over in Vault 👍
Added a comment regarding the implemented interface
Additionally update internal representation and logic of argument to match
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dekimsey - One more update to the CLI help text is needed. Otherwise, I tested this out and everything looks good 👍 Thanks again for this contribution.
@austingebauer we should also update https://www.vaultproject.io/docs/auth/jwt#oidc-login-cli afterwards |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, pending Austin's last comment on the help text!
@calvn - The author has already provided a PR for the docs update: hashicorp/vault#12833. Will review and get that merged too. |
minor: Fix whitespacing on the other options to be consistent
Should I do the squash/rebase or is that done as part of the merge process? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dekimsey - The squash is handled when merging, so you don't need to do it. I'll take care of merging this and getting it into a Vault release. Thanks again for the contribution!
Overview
This change allows a user to opt-out of the auto-launching of their
default browser which may already have a logged in OIDC session. Since
SSO can be a bit tricky to logout/switch users, this provides the user
an escape option for more careful handling of the login attempt.
Primary use-case is Firefox Containers or users using separate browser
profiles to manage multiple logins. If one has an existing SSO session in their default browser,
it becomes impossible to get the vault CLI to login to another session.
Design of Change
A command line flag was added to allow users to opt-out.
Related Issues/Pull Requests
None
Contributor Checklist
[x] hashicorp/vault#12833
[ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
[x] Backwards compatible
NOTE I was unable to test the change, I could not find any docs on how to test the client side changes here. If I could get some instruction/direction on how to do that, I'd be happy to confirm it works as intended.