AWS CLI V2 AWS SSO Manual Prompt

[spensireli]

Is your feature request related to a problem? Please describe.

When performing "aws sso login --profile someprofile" and then login to the environment, AWS SSO automatically launches the browser as expected in the documentation.

One problem that we are seeing is when using the integration with Azure Active Directory. It will try to automatically login using an AAD user id that might already be logged in.

In our enterprise we have multiple user accounts, one of them being an administrative account separate from a regular user account. We often use different sessions / browsers that are authenticated at the time. The default browser is more often than not, the regular account and not the required administrative account.

Since it tries to auto-login and fails you cannot copy and paste the URL in a different browser with the same token.

Describe the solution you'd like

A switch that can be passed to prevent the automatic opening of the browser. Alternatively the passing of credentials to the IDP could include the force selection of which profile to login. I believe the easiest and most attainable interim solution is an additional switch that does not automatically launch the browser but would require the user to copy / paste to selected destination.

aws sso login --no-prompt

or

aws sso login --no-browser

Describe alternatives you've considered

The current work around is to login to the default browser with our administrative account. This is not always desirable.

[nfplatzke]

We need this. The latest version of chrome just broke the automated login and the only way to get around this issue is to change your default browser to something else. It's a pain.

[kdaily]

Thanks, marking as feature request.

[jghal]

Looks similar to #5301 and #5061.

[onitake]

Another option would be to simply not send the the authorization code with the request.
It looks like AWS "burns" the code when it has been processed once, preventing login via a separate (private) browser window completely.

[onitake]

@jghal #5061 is a different request, and probably not solvable. But it looks like #5533 requests the same as #5301 .

[kdaily]

Hi @jghal thanks for that comment - I agree that this issue is a duplicate of #5301. Marking it as such and closing this one, will make sure to cross-reference.