cli Improve UX for `cf login -sso`

I've been in touch with you guys a while ago on Slack about this feature request. I'd like to contribute a bit of code. It seemed at least some of you liked my idea. I was asked to open a Github issue, so here I am.

What's the user value of this feature request? Currently authenticating with cf login -sso requires you to:

manually open a browser
copy paste UAA url from the cf cli to the browser.
After authenticating in UAA, copy the shown 'temporary authorization code' from the browser.
Paste the 'temporary authorization code' on the stdin of cf cli

I'd like to change this into a user experience similar to the fly cli of concourse:

Browser is opened automatically with the right URL
Authenticate in UAA
CF cli picks up the authorization code automatically, so it means you're done.

Who is the functionality for? User who authenticate to CF using Single Sign On

How often will this functionality be used by the user? Every time an user needs to re-authenticate

Who else is affected by the change? No. Just like with the fly cli, pasting the 'temporary authentication code' on stdin will also still work.

Is your feature request related to a problem? Please describe. Not a problem. Just trying to improve the user experience. Our users find the Single Sign On cumbersome with the copy-pasting currently.

Describe the solution you'd like See the above value proposition

Describe alternatives you've considered I don't think there are any?

Additional context I was thinking to change the cf/commands/login.go Here is the work in progress: https://github.com/SpringerPE/cli/blob/master/cf/commands/login.go

I'm expecting I'll need a change in UAA for this to work, as UAA needs to do a redirect to localhost with the temporary authorization code as query string parameter. Similar to how the oauth redirects work.

Apr 19 '19 10:04 prolane

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/165465152

The labels on this github issue will be updated when the story is started.

Apr 19 '19 10:04 cf-gitbot

Hey @prolane thank you for reaching out! Appreciate it. I'm copying in a few UAA PMs here for their feedback @aramprice @cwang-pivotal on this as well.

We may have mentioned this on Slack but the team is currently rewriting the cf login command so if we were to proceed with this enhancement, it would be good to do so after we are done with the rewrite. Please let me know if you have any questions about this.

Apr 24 '19 17:04 abbyachau

@abbyachau Thanks for your positive reply. Yes, on Slack it was mentioned the team is rewriting the cf login command. I guess it does indeed make sense to make this enhancement when the rewrite is done. Are there some rough timelines?

Apr 25 '19 06:04 prolane

cc @dbeneke (UAA PM)

hey @prolane here is the epic for the cf login rewrite effort: https://www.pivotaltracker.com/epic/show/4186886; and the release marker for it.

Apr 25 '19 16:04 abbyachau

@abbyachau is there an over arching google doc or similar describing where you're going with the new "cf login" epic?

Will oauth-style login be given more focus (e.g. this issue)?

Apr 25 '19 22:04 drnic

Hi @drnic - as part of the ongoing rewriting effort and to prepare for a upcoming feature, we decided to rewrite the final cf login command for the V6 CLI. We will no longer being doing rewrites after login, and expect our efforts to be geared toward 1) exposing features (metadata, rolling deployments, etc) to end users 2) helping with the V7 CLI efforts.

The login epic can be found here see the story for detailed information on changes. You can also review our exploration to get a full sense of the type of exploration and work we did for the command.

I'll detail this in release notes but as per our usual convention with rewrites, we've kept changes to a minimum. Some changes include:

we are using V3 endpoints for retrieving orgs and spaces, which has no user-facing changes for main workflows
we've made standard cosmetic changes, for example, instead of arrows after prompts, we are using colons; we've cleaned up error messages
instead of re-prompting after users are locked out of their account, we exit immediately

Let me know if you have any additional questions/feedback. Thanks.

Apr 29 '19 16:04 abbyachau

Hi @prolane I'm popping by here to let you know that I've not forgotten about this - unfortunately we had some client credential related security issues which derailed our plans to complete the cf login rewrite. We are just about ready to get back to the rewrite, and we'll reach out when we are done so that you can prepare the pull request. Thanks for your patience.

Jun 26 '19 00:06 abbyachau

@abbyachau Thanks for updating, I appreciate it. Do you think there is any chance we can get some UAA people on board as well? You tagged some people in April already, but there never has been a reply from them. My assumption is for this pull request to work, there is also some work needed on UAA side. I would be happy to contribute to that as well, but lets first start with confirming with the UAA team this is really necessary.

Jul 10 '19 13:07 prolane

Looping in the UAA PMs @wc22222, and @dbeneke.

Jul 10 '19 23:07 aramprice

Hey @dbeneke, wondering if the UAA team has any thoughts on @prolane's suggested changes above? Thanks.

Aug 26 '19 16:08 abbyachau

@prolane In your work in progress effort, what UAA dependencies have you encountered? Is it limited to the single change you mentioned: "UAA needs to do a redirect to localhost with the temporary authorization code as query string parameter. Similar to how the oauth redirects work."

Aug 26 '19 17:08 dbeneke

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed.

Sep 27 '24 17:09 github-actions[bot]