extension login with non-default browser and remote vscode mode has no effect

[rbtcollins]

Problem

I can't figure out how to get the extension logged in so the explorer works

Steps to reproduce the issue

1. Clean slate

2. install firefox, make default browser (perhaps unrelated, IDK).

3. install chrome

4. create a default chrome profile

5. create a second chrome profile for 'work', log into AWS identity centre in that profile

6. create a Hyper-V VM, install ubuntu

7. inside that VM install aws cli v2.current and run aws configure sso, verify it works

8. install vscode, add the remote extension, connect to the VM as a remote folder

9. add vscode AWS extension, click on the

10. Copy the code and put it aside

11. Select 'copy' when given the URL, rather than open, because the default browser doesn't have AWS credentials.

12. Paste the URL into the chrome work profile

13. paste the stashed code into the prompt

14. approve the request

15. close the browser window

16. observe that the VS code extension still says it is expired or invalid

System details (run the AWS: About Toolkit command)

OS: Linux x64 5.15.0-1033-azure Visual Studio Code extension host: 1.76.1 AWS Toolkit: 1.64.0 node: 16.14.2

[JadenSimon]

Hi @rbtcollins,

Thank you for the detailed bug report! I believe the problem is because of this step:

Select 'copy' when given the URL, rather than open, because the default browser doesn't have AWS credentials.

The extension uses an operation from the VSC API (vscode.env.openExternal) to open links. It only returns a boolean, meaning the extension can only know whether or not the link was opened directly. Everything else is treated as a 'cancel'. So currently you must select Open and login through the default browser.

One solution could be to ignore the result of openExternal though cancelling becomes a bit clunkier. Another solution could be to add a setting that changes the "Copy Code and Proceed" button to "Copy URL and Proceed". Do you have any thoughts/suggestions?

[rbtcollins]

For it to work for me the key thing is to allow me to copy the url without treating that as cancellation.

An unrelated thing is the requirement to copy the code. The AWS cli itself manages to launch a browser window such that the login process includes the code automatically.

For instance, running aws sso login inside the terminal shell of vscode on the remote connection to the VM, results in (presumably through xdg-open interception or something similar) a dialog to open https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-YYYY , which automatically applies the code.

Possibly there is some reason the vscode extension can't do this, but if it could it would be nice to craft something like: 1) trigger login in the extension 2) construct code as normal 3) request open for https://device.sso.us-east-1.amazonaws.com/?user_code={{code}} 4) ignore the response to the url open prompt 5) if someone attempts a new login, cancel the prior attempt 6) if the code expires cancel the login attempt

[JadenSimon]

For it to work for me the key thing is to allow me to copy the url without treating that as cancellation.

Yup makes sense. The native VSC UI to copy the URL doesn't always show depending on your settings so I'm thinking it might make sense to expose a separate entry point of some sort.

if someone attempts a new login, cancel the prior attempt

Good suggestion! This is something we should add anyway.

a dialog to open https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-YYYY , which automatically applies the code.

The extension used to have this behavior but this was removed in https://github.com/aws/aws-toolkit-vscode/pull/3148 due to phishing/security concerns.