aws-sso-cli

Support the PKCE authorization_code flow

Open danthegoodman opened this issue 7 months ago • 4 comments

Is your feature request related to a problem? Please describe.

When using the device_code sso login flow, I have to click through two pages in the browser: once to accept the code and second to allow access.

When using the aws-cli version of sso login, it defaults to the PKCE authorization_code flow, which only requires one page to be clicked through.

Describe the solution you'd like

It's not that bothersome, but it would be nice to only click once.

Describe alternatives you've considered

Not filing a ticket and living with two clicks.

Additional context

My gut tells me that you'll need to resolve #1232 for the authorization_code flow to work, but I could be wrong.

danthegoodman avatar May 30 '25 05:05 danthegoodman

Talked to AWS and of course the best documentation they've provided so far is not on the AWS website: https://blog.christophetd.fr/pkce-aws-sso/

synfinatic avatar Jun 03 '25 02:06 synfinatic

@synfinatic I just implemented this and created a few mermaid diagrams for device code and authorization code flow (pkce): https://github.com/djgoku/aws-sso-config-generator/tree/main/images#aws-cli---aws-sso-authorization-code-flow-with-pkce-default

Found this too after implementing: https://github.com/aws/aws-cli/commit/130005af5ea6a75705ed528aaf06d533f449bef9

If you don't think this is an appropriate comment I can delete it.

djgoku avatar Aug 23 '25 20:08 djgoku

no worries @djgoku

synfinatic avatar Aug 24 '25 20:08 synfinatic

there's also a PR open for AWS Vault

elovelan avatar Oct 27 '25 23:10 elovelan