[Feature] Ability to control SSO browser opening separately from --stdout option

[moltar]

Use case: I have a helper script that opens a new Firefox container for each profile, thereby allowing multiple sessions at the same time.

This script uses the -s option to get the session URL and then pipes the output into the firefox-container script.

However, I am not running the script from the terminal. It runs inside an Alfred Workflow, which does not print the output anywhere, so I cannot see the SSO login link.

This used to work fine in <@6.6.1, and it broke when #892 was introduced.

In my use case opening the browser for SSO was necessary, and then all of the session URLs I wanted to go into STDOUT to be captured into a variable.

Here's my script:

AWS_PROFILE=$1
AWS_LOGIN_URL=$(/usr/local/bin/aws-vault login -s "$AWS_PROFILE")

"$HOME/bin/firefox-container" --name "aws-$AWS_PROFILE" --orange --fingerprint "$AWS_LOGIN_URL"

It now breaks, because SSO login URL is piped into STDERR and is no longer opening the browser.

❯ ./launch.sh profile-name
+ AWS_PROFILE=profile-name
++ /usr/local/bin/aws-vault login -s profile-name
Open the SSO authorization page in a browser (use Ctrl-C to abort)
https://device.sso.region.amazonaws.com/?user_code=XYZ-XYZ

---

Relevant issues:

• With login, SSOUseStdout should follow --stdout #892
• aws-vault login with --stdout opens the browser for authorization #868
• --stdout flag not working since updating to MacOS 13.0 (22A380) (Ventura) #1069
• Feature: support non-default browser launching for SSO/Login #959
• Feature: Make usage of Firefox containers #755

[farhansaed]

I having the same problem I was capturing the SSO login URL with av login -s command and using it to open multiple brave browser windows for different aws accounts. It stopped working after 6.6.1 upgrade.
I think PR #892 broke more things than it resolved.
If instead of opening default browser just login-url is required introduce a new option -a (get sso authorization URL) and keep -s functionality same as before in previous version.

So effectively PR #892 broke the logic since running aws-vault login -s with SSO profiles first gives you an authorization link for the device which opens default browser (usually default browser is one where you are most likely to be signed in with your SSO identity provider.) so you sign in and it gives you console URL and doesn't open up another tab in the default browser. You can capture the URL (due to -s flag) and use it in another browser like brave or vivaldi etc.

@moltar @mtibben

[mtibben]

Reverted in v6.6.2

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[moltar]

Stale not

[github-actions]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.