fastly
feat(sso): support active session account switching
[!WARNING] This PR doesn't work. The use of
login_hint=<email>doesn't appear to allow account switching. Read below for more details.
I started to implement the use of login_hint=<email> for a user who wants to switch from one profile to another, but to do it I wanted to have two separate profiles that were both SSO-based so that I could see the switch happen for the sake of my manual testing.
The problem then became apparent. I was able to successfully create an SSO-based profile with the first email, but when I ran the command again to create another SSO-based profile ...it ended up using the first active session to create the second profile (which I didn't want it to do).
I then thought "OK, I'll set login_hint=<email> not just for switching profiles but when I'm creating or updating a profile, just in case there is a pre-existing session still active it'll force an account switch/re-authentication".
But then I realised I can't do that with 'create' because I need login_hint to be an email, and we don't prompt a user for an email, just a 'name' for the profile. The 'email' is something that's automatically returned after authenticating.
So the 'create' problem isn't solved and there appears to be an additional issue with 'update'. To explain, I kept the second SSO profile that was created using the existing session, and decided I would just manually change the email in the CLI config to the second email. The thinking was that when I try to run fastly update the login_hint would be set to the second email and that would at least allow me to see the account switching happen. But it didn't work. So I feel like there is something else missing in this PR's implementation.
