Problem
coder login token fails with a cryptic error when --url or CODER_URL is not provided, even after a successful coder login. Occurs on macOS, where the CLI will use the keyring by default.
$ coder login dev.coder.com
Welcome to Coder, zachkipp! You're authenticated.
$ coder login token
error: read session token: nil server URL
The config file URL exists and is valid:
$ cat ~/Library/Application\ Support/coderv2/url
https://dev.coder.com
Cause
When the CLI is not using the keyring, the session file on disk is simply printed out. This is what the unit tests covered. When the keyring is used, the URL needs to be provided to know what session token to print out because the storage format permits storage of multiple session tokens. In the coder, r.clientURL was used directly which is only populated from --url or CODER_URL. So essentially, when using the keyring a token could only be printed out if either --url or CODER_URL was specified even if a user is currently logged in to a deployment and the url file contains the deployment URL.
Solution
Extract the deployment URL-loading logic from InitClient into a reusable method and call it from loginToken(). This makes coder login token consistent with every other command that needs the server URL. This mean that regardless of keyring/file storage, the CLI will read the url file on disk that was updated when logging in, unless the user specifies --url or CODER_URL. So a user that has logged into a deployment with a machine that is using the keyring for session token storage should not need to provide --url or CODER_URL to print out the token for the deployment they are logged in to.
Goal:
| Scenario |
Before |
After |
coder login token (logged in, keyring storage) |
error: read session token: nil server URL |
Prints token |
coder login token (logged in, file storage) |
Prints token |
Prints token |
coder login token (not logged in) |
error: read session token: nil server URL |
error: You are not logged in. Try logging in using 'coder login <url>'. |
coder login token --url <url> (logged in, matching URL) |
Prints token |
Prints token |
coder login token --url <url> (logged in, different URL, keyring) |
Prints token for that URL |
Prints token for that URL |
coder login token --url <url> (logged in, different URL, file backend) |
Silently prints token for wrong server |
error: the file-based session store only supports one server at a time: requested <url> but logged into <stored-url> |
coder login token --url <url> (no token stored) |
error: no session token found |
error: no session token found |
Relates to #21515
Problem
coder login tokenfails with a cryptic error when--urlorCODER_URLis not provided, even after a successful coder login. Occurs on macOS, where the CLI will use the keyring by default.The config file URL exists and is valid:
Cause
When the CLI is not using the keyring, the session file on disk is simply printed out. This is what the unit tests covered. When the keyring is used, the URL needs to be provided to know what session token to print out because the storage format permits storage of multiple session tokens. In the coder,
r.clientURLwas used directly which is only populated from--urlorCODER_URL. So essentially, when using the keyring a token could only be printed out if either--urlorCODER_URLwas specified even if a user is currently logged in to a deployment and theurlfile contains the deployment URL.Solution
Extract the deployment URL-loading logic from
InitClientinto a reusable method and call it fromloginToken(). This makescoder login tokenconsistent with every other command that needs the server URL. This mean that regardless of keyring/file storage, the CLI will read the url file on disk that was updated when logging in, unless the user specifies--urlorCODER_URL. So a user that has logged into a deployment with a machine that is using the keyring for session token storage should not need to provide--urlorCODER_URLto print out the token for the deployment they are logged in to.Goal:
coder login token(logged in, keyring storage)error: read session token: nil server URLcoder login token(logged in, file storage)coder login token(not logged in)error: read session token: nil server URLerror: You are not logged in. Try logging in using 'coder login <url>'.coder login token --url <url>(logged in, matching URL)coder login token --url <url>(logged in, different URL, keyring)coder login token --url <url>(logged in, different URL, file backend)error: the file-based session store only supports one server at a time: requested <url> but logged into <stored-url>coder login token --url <url>(no token stored)error: no session token founderror: no session token foundRelates to #21515