cli icon indicating copy to clipboard operation
cli copied to clipboard

feat(sso): support active session account switching

Open Integralist opened this issue 1 year ago • 0 comments

[!WARNING] This PR doesn't work. The use of login_hint=<email> doesn't appear to allow account switching. Read below for more details.

I started to implement the use of login_hint=<email> for a user who wants to switch from one profile to another, but to do it I wanted to have two separate profiles that were both SSO-based so that I could see the switch happen for the sake of my manual testing.

The problem then became apparent. I was able to successfully create an SSO-based profile with the first email, but when I ran the command again to create another SSO-based profile ...it ended up using the first active session to create the second profile (which I didn't want it to do).

I then thought "OK, I'll set login_hint=<email> not just for switching profiles but when I'm creating or updating a profile, just in case there is a pre-existing session still active it'll force an account switch/re-authentication".

But then I realised I can't do that with 'create' because I need login_hint to be an email, and we don't prompt a user for an email, just a 'name' for the profile. The 'email' is something that's automatically returned after authenticating.

So the 'create' problem isn't solved and there appears to be an additional issue with 'update'. To explain, I kept the second SSO profile that was created using the existing session, and decided I would just manually change the email in the CLI config to the second email. The thinking was that when I try to run fastly update the login_hint would be set to the second email and that would at least allow me to see the account switching happen. But it didn't work. So I feel like there is something else missing in this PR's implementation.

Integralist avatar May 16 '24 17:05 Integralist