fortify
fcli ssc session login : session validation needed when creating the session with -t
fcli ssc session login : session validation needed when creating the session with -t right now seems that there are validation IF -u and -p was used but NOT -t when creating the session with a wrong credential
Correct; when authenticating with username/password, the login command will connect to SSC to generate a UnifiedLoginToken and will fail if the credentials are incorrect. When passing a pre-generated token, we just store it without trying any SSC request.
Main issue with validating the provided token is that fcli cannot know what actions are allowed by this token, so if we invoke an arbitrary SSC endpoint, the request may still fail even if the token is valid for other endpoints. I guess most standard SSC tokens may allow access to the projectVersions endpoint, so we can potentially call this endpoint to validate the token, but then we should also provide an option to bypass this check in case a user wants to use a token that doesn't allow access to this endpoint.
