From 4f2c5df6da7c9c2250c33f73193fc2efecf69bb6 Mon Sep 17 00:00:00 2001
From: Sergiu Ghitea <sergiu.ghitea@okta.com>
Date: Fri, 9 Dec 2022 17:12:45 +0100
Subject: [PATCH] Apply some improvements to the login mechanism

---
 internal/auth/auth.go            |  4 ++--
 internal/cli/cli.go              | 27 ++++++++++++++++++---------
 internal/cli/login.go            | 19 +++++++++++--------
 test/integration/test-cases.yaml |  5 -----
 4 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/internal/auth/auth.go b/internal/auth/auth.go
index 2a61fdc1b..9955fe8e3 100644
--- a/internal/auth/auth.go
+++ b/internal/auth/auth.go
@@ -288,7 +288,7 @@ type ClientCredentials struct {
 }
 
 // GetAccessTokenFromClientCreds generates an access token from client credentials
-func GetAccessTokenFromClientCreds(args ClientCredentials) (Result, error) {
+func GetAccessTokenFromClientCreds(ctx context.Context, args ClientCredentials) (Result, error) {
 	u, err := url.Parse("https://" + args.Domain)
 	if err != nil {
 		return Result{}, err
@@ -305,7 +305,7 @@ func GetAccessTokenFromClientCreds(args ClientCredentials) (Result, error) {
 		},
 	}
 
-	resp, err := credsConfig.Token(context.Background())
+	resp, err := credsConfig.Token(ctx)
 	if err != nil {
 		return Result{}, err
 	}
diff --git a/internal/cli/cli.go b/internal/cli/cli.go
index 51c5e55ac..c98224b15 100644
--- a/internal/cli/cli.go
+++ b/internal/cli/cli.go
@@ -21,6 +21,7 @@ import (
 	"github.com/spf13/pflag"
 
 	"github.com/auth0/auth0-cli/internal/analytics"
+	"github.com/auth0/auth0-cli/internal/ansi"
 	"github.com/auth0/auth0-cli/internal/auth"
 	"github.com/auth0/auth0-cli/internal/auth0"
 	"github.com/auth0/auth0-cli/internal/buildinfo"
@@ -109,11 +110,14 @@ func (t *Tenant) hasExpiredToken() bool {
 
 func (t *Tenant) regenerateAccessToken(ctx context.Context, c *cli) error {
 	if t.authenticatedWithClientCredentials() {
-		token, err := auth.GetAccessTokenFromClientCreds(auth.ClientCredentials{
-			ClientID:     t.ClientID,
-			ClientSecret: t.ClientSecret,
-			Domain:       t.Domain,
-		})
+		token, err := auth.GetAccessTokenFromClientCreds(
+			ctx,
+			auth.ClientCredentials{
+				ClientID:     t.ClientID,
+				ClientSecret: t.ClientSecret,
+				Domain:       t.Domain,
+			},
+		)
 		if err != nil {
 			return err
 		}
@@ -208,7 +212,7 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) {
 	}
 
 	if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() {
-		c.renderer.Warnf("Required scopes have changed. Please log in to re-authorize the CLI.")
+		c.renderer.Warnf("Required scopes have changed. Please log in to re-authorize the CLI.\n")
 		return RunLoginAsUser(ctx, c)
 	}
 
@@ -218,12 +222,17 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) {
 
 	if err := t.regenerateAccessToken(ctx, c); err != nil {
 		if t.authenticatedWithClientCredentials() {
-			return t, fmt.Errorf("Failed to renew access token. This may occur if the designated application has been deleted or client secret has been rotated. Please re-authenticate by running `auth0 login --as-machine`")
+			return t, fmt.Errorf(
+				"failed to fetch access token using client credentials.\n\n"+
+					"This may occur if the designated application has been deleted or the client secret has been rotated.\n\n"+
+					"Please re-authenticate by running: %s",
+				ansi.Bold("auth0 login --domain <tenant-domain --client-id <client-id> --client-secret <client-secret>"),
+			)
 		}
 
-		c.renderer.Warnf("Failed to renew access token. Please log in to re-authorize the CLI.")
-		return RunLoginAsUser(ctx, c)
+		c.renderer.Warnf("Failed to renew access token. Please log in to re-authorize the CLI.\n")
 
+		return RunLoginAsUser(ctx, c)
 	}
 
 	if err := c.addTenant(t); err != nil {
diff --git a/internal/cli/login.go b/internal/cli/login.go
index f1a8a2360..60a013a4b 100644
--- a/internal/cli/login.go
+++ b/internal/cli/login.go
@@ -77,7 +77,6 @@ auth0 login --domain <tenant-domain> --client-id <client-id> --client-secret <cl
 				}
 			}
 
-			cli.renderer.Infof("Successfully authenticated to %s", inputs.Domain)
 			cli.tracker.TrackCommandRun(cmd, cli.config.InstallID)
 
 			return nil
@@ -92,7 +91,6 @@ auth0 login --domain <tenant-domain> --client-id <client-id> --client-secret <cl
 	cmd.SetHelpFunc(func(cmd *cobra.Command, args []string) {
 		_ = cmd.Flags().MarkHidden("tenant")
 		_ = cmd.Flags().MarkHidden("json")
-		_ = cmd.Flags().MarkHidden("no-input")
 		cmd.Parent().HelpFunc()(cmd, args)
 	})
 
@@ -201,13 +199,18 @@ func RunLoginAsMachine(ctx context.Context, inputs LoginInputs, cli *cli, cmd *c
 		return err
 	}
 
-	token, err := auth.GetAccessTokenFromClientCreds(auth.ClientCredentials{
-		ClientID:     inputs.ClientID,
-		ClientSecret: inputs.ClientSecret,
-		Domain:       inputs.Domain,
-	})
+	token, err := auth.GetAccessTokenFromClientCreds(
+		ctx,
+		auth.ClientCredentials{
+			ClientID:     inputs.ClientID,
+			ClientSecret: inputs.ClientSecret,
+			Domain:       inputs.Domain,
+		},
+	)
 	if err != nil {
-		return err
+		return fmt.Errorf(
+			"failed to fetch access token using client credentials. \n\n"+
+				"Ensure that the provided client-id, client-secret and domain are correct. \n\nerror: %w\n", err)
 	}
 
 	t := Tenant{
diff --git a/test/integration/test-cases.yaml b/test/integration/test-cases.yaml
index e0bd30e39..8457936a6 100644
--- a/test/integration/test-cases.yaml
+++ b/test/integration/test-cases.yaml
@@ -2,11 +2,6 @@ config:
   inherit-env: true
 
 tests:
-  login as machine:
-    command: auth0 logout $AUTH0_CLI_CLIENT_DOMAIN; auth0 login --client-id $AUTH0_CLI_CLIENT_ID --client-secret $AUTH0_CLI_CLIENT_SECRET --domain $AUTH0_CLI_CLIENT_DOMAIN
-    stderr: "Successfully authenticated to"
-    exit-code: 0
-
   auth0 apis list:
     exit-code: 0