add flag --use-device-code for login command

equinor · Apr 12, 2024 · 85cd52d · 85cd52d
1 parent 0591272
commit 85cd52d
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 12 deletions.
diff --git a/cmd/login.go b/cmd/login.go
@@ -16,6 +16,7 @@ package cmd
 
 import (
 	"github.com/equinor/radix-cli/pkg/client"
+	"github.com/equinor/radix-cli/pkg/flagnames"
 	"github.com/spf13/cobra"
 )
 
@@ -25,10 +26,8 @@ var loginCmd = &cobra.Command{
 	Short: "Login to Radix",
 	Long:  `Login to Radix.`,
 	RunE: func(cmd *cobra.Command, args []string) error {
-
-		cmd.SilenceUsage = true
-
-		err := client.LoginCommand(cmd)
+		useDeviceCode, _ := cmd.Flags().GetBool(flagnames.UseDeviceCode)
+		err := client.LoginCommand(cmd, useDeviceCode)
 		if err != nil {
 			return err
 		}
@@ -39,5 +38,6 @@ var loginCmd = &cobra.Command{
 
 func init() {
 	rootCmd.AddCommand(loginCmd)
+	loginCmd.Flags().Bool(flagnames.UseDeviceCode, false, "Name of the application")
 	setVerbosePersistentFlag(loginCmd)
 }
diff --git a/pkg/client/auth/msal_provider.go b/pkg/client/auth/msal_provider.go
@@ -13,7 +13,7 @@ import (
 
 // MSALAuthProvider is an AuthProvider that uses MSAL
 type MSALAuthProvider interface {
-	Login(ctx context.Context) error
+	Login(ctx context.Context, useDeviceCode bool) error
 	Logout(ctx context.Context) error
 	runtime.ClientAuthInfoWriter
 }
@@ -46,8 +46,12 @@ func (provider *msalAuthProvider) AuthenticateRequest(r runtime.ClientRequest, _
 
 // Login allows the plugin to initialize its configuration. It must not
 // require direct user interaction.
-func (provider *msalAuthProvider) Login(ctx context.Context) error {
-	_, err := provider.loginInteractive(ctx)
+func (provider *msalAuthProvider) Login(ctx context.Context, useDeviceCode bool) error {
+	var loginCmd func(context.Context) (string, error) = provider.loginInteractive
+	if useDeviceCode {
+		loginCmd = provider.loginDeviceCode
+	}
+	_, err := loginCmd(ctx)
 	return err
 }
 
@@ -87,7 +91,7 @@ func (provider *msalAuthProvider) GetToken(ctx context.Context) (string, error)
 }
 
 func (provider *msalAuthProvider) loginInteractive(ctx context.Context) (string, error) {
-	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
+	ctx, cancel := context.WithTimeout(ctx, 100*time.Second)
 	defer cancel()
 	fmt.Printf("A web browser has been opened at %s/oauth2/v2.0/authorize. Please continue the login in the web browser.\n", provider.authority)
 	result, err := provider.client.AcquireTokenInteractive(ctx, getScopes())
@@ -97,6 +101,23 @@ func (provider *msalAuthProvider) loginInteractive(ctx context.Context) (string,
 	return result.AccessToken, nil
 }
 
+func (provider *msalAuthProvider) loginDeviceCode(ctx context.Context) (string, error) {
+	ctx, cancel := context.WithTimeout(ctx, 100*time.Second)
+	defer cancel()
+	devCode, err := provider.client.AcquireTokenByDeviceCode(ctx, getScopes())
+	if err != nil {
+		return "", fmt.Errorf("got error while waiting for user to input the device code: %s", err)
+	}
+
+	fmt.Println(devCode.Result.Message) // show authentication link with device code
+
+	result, err := devCode.AuthenticationResult(ctx)
+	if err != nil {
+		return "", err
+	}
+	return result.AccessToken, nil
+}
+
 func getScopes() []string {
 	return []string{"6dae42f8-4368-4678-94ff-3960e28e3630/.default"}
 }
diff --git a/pkg/client/client.go b/pkg/client/client.go
@@ -84,8 +84,8 @@ func getAuthWriter(cmd *cobra.Command, config *radixconfig.RadixConfig) (runtime
 }
 
 // LoginCommand Login client for command
-func LoginCommand(cmd *cobra.Command) error {
-	return LoginContext()
+func LoginCommand(cmd *cobra.Command, useDeviceCode bool) error {
+	return LoginContext(useDeviceCode)
 }
 
 // LogoutCommand Logout command
@@ -112,7 +112,7 @@ func getContextAndCluster(cmd *cobra.Command) (string, string, error) {
 }
 
 // LoginContext Performs login
-func LoginContext() error {
+func LoginContext(useDeviceCode bool) error {
 	radixConfig, err := radixconfig.GetRadixConfig()
 	if err != nil {
 		return err
@@ -124,7 +124,7 @@ func LoginContext() error {
 	if err != nil {
 		return err
 	}
-	return provider.Login(context.Background())
+	return provider.Login(context.Background(), useDeviceCode)
 }
 
 func getAuthProvider(radixConfig *radixconfig.RadixConfig) (auth.MSALAuthProvider, error) {

diff --git a/pkg/flagnames/names.go b/pkg/flagnames/names.go
@@ -39,6 +39,7 @@ const (
 	TokenEnvironment    = "token-environment"
 	TokenStdin          = "token-stdin"
 	UseActiveDeployment = "use-active-deployment"
+	UseDeviceCode       = "use-device-code"
 	User                = "user"
 	Variable            = "variable"
 	Verbose             = "verbose"