Ben Kehoe

Needed in the FAQ, because people will try this immediately: * Can I use an object for the collection instead of a list? * Can I output a list instead...

The fundamental problem here is that the OAuth spec assumes a browser. There are no widely-implemented standards for a programmatic interactive auth API. The CLI uses the [OAuth Device Authorization...

The main point is, even if every IdP provided a programmatic authentication interface, unless they *all* implemented a common interface, AWS SSO/Identity Center wouldn't be able to use it, because...

Note that the API, and the associated OAuth spec, do not expose what IdP is being used (on purpose, it's supposed to be irrelevant to the client).

It's GetPolicy, the arn is like "arn:aws:iam::aws:policy/AWSLambdaFullAccess"

Ah I see, I didn't look hard enough (i.e. at all) at the output of aws-cli, just that it completed without errors.

Let me see about merging them with the refactor branch. If I run into any snags I'll let you know.

Pinging about this, since it crops up fairly often for me. As an example, a recent change to botocore in 1.29.10 is causing issues in one of my projects https://github.com/benkehoe/aws-sso-util/issues/83...

I just use `boto3._get_default_session()` directly; "private" in Python is a naming convention, not an enforced boundary, and it's very unlikely that this particular function itself would get removed or changed...

Type hints were introduced in Python 3.5 (see [PEP 484](https://www.python.org/dev/peps/pep-0484/)). boto3 currently still supports Python 2.7, and the code would have a syntax error in 2.7 if there were type...