
How does the AWS CLI open a browser and wait for a response before proceeding?


I'm trying to build a Golang CLI tool for my company and, as part of that, build login and some other features into the tool. For the life of me I can't figure out how AWS is able to open a browser window and wait for a few button clicks before proceeding from the CLI.

https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_StartDeviceAuthorization.html

Here's the CLI command I input:

    aws sso login --profile login

    Attempting to automatically open the SSO authorization page in your default browser.
    If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

    https://device.sso.us-east-1.amazonaws.com/

    Then enter the code:

    abcd-efgh
    Successfully logged into Start URL: https://d-1421421423.awsapps.com/start

Here are the Python docs as well for start device auth and create token:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sso-oidc/client/start_device_authorization.html

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sso-oidc/client/create_token.html


Solution

  • One option that I just threw together that seems to be working is a loop that just checks every second:

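            // Poll CreateToken once per second, for up to 30 retries, until the
            // user approves the request in the browser.
            for attempts <= 30 {
                fmt.Println(attempts)
                token, err := idc.CreateToken(context.TODO(), &createTokenInput)
                if err != nil {
                    // not authorized yet (or another error): if debug is enabled show error
                    log.Debug(err.Error())
                    attempts++
                    // wait 1 second
                    time.Sleep(1 * time.Second)
                } else {
                    // approved: keep the token and stop polling
                    response = *token
                    break
                }
            }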
    

    Edit:

    After running aws sso login --debug I noticed that the logs are actually looping and running the createToken query over and over, so AWS is doing something similar to the above.
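
The polling loop described in the answer, as an added example (not the poster's code and not AWS's): it retries only while the request is still pending, backs off on slow_down as RFC 8628 specifies, stops at the device code's expiry, and fails immediately on any other error instead of retrying it. `TokenFunc`, `ErrPending` and `ErrSlowDown` are hypothetical stand-ins for one CreateToken call and the SDK's typed errors so the block runs offline; `interval` and `expiresIn` are assumed to come from the StartDeviceAuthorization response.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Constructed sentinels standing in for the SDK's typed errors
// (AuthorizationPendingException and SlowDownException in ssooidc/types).
var ErrPending, ErrSlowDown = errors.New("authorization_pending"), errors.New("slow_down")

// TokenFunc is a hypothetical wrapper around a single CreateToken call.
type TokenFunc func(ctx context.Context) (string, error)

// PollForToken retries only while the user has not yet approved the request.
// Any other error (denied, expired code, bad client) ends the flow at once.
func PollForToken(ctx context.Context, create TokenFunc, interval, expiresIn time.Duration) (string, error) {
	ctx, cancel := context.WithTimeout(ctx, expiresIn) // lifetime of the device code
	defer cancel()
	for {
		token, err := create(ctx)
		switch {
		case err == nil:
			return token, nil
		case errors.Is(err, ErrSlowDown):
			interval += 5 * time.Second // RFC 8628 section 3.5: add 5s and keep polling
		case !errors.Is(err, ErrPending):
			return "", fmt.Errorf("device authorization failed: %w", err)
		}
		select {
		case <-ctx.Done():
			return "", fmt.Errorf("device code expired before approval: %w", ctx.Err())
		case <-time.After(interval):
		}
	}
}

func main() {
	calls := 0 // constructed stand-in for the service: pending twice, then a token
	fake := func(context.Context) (string, error) {
		if calls++; calls < 3 {
			return "", ErrPending
		}
		return "constructed-access-token", nil
	}
	fmt.Println(PollForToken(context.Background(), fake, 10*time.Millisecond, time.Second))
}
```

With the real SDK, the closure would call CreateToken and translate its typed errors with errors.As into the two sentinels.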