Open rbtcollins opened 1 year ago
Hi @rbtcollins,
Thank you for the detailed bug report! I believe the problem is because of this step:
Select 'copy' when given the URL, rather than open, because the default browser doesn't have AWS credentials.
The extension uses an operation from the VSC API (vscode.env.openExternal
) to open links. It only returns a boolean, meaning the extension can only know whether or not the link was opened directly. Everything else is treated as a 'cancel'. So currently you must select Open
and login through the default browser.
One solution could be to ignore the result of openExternal
though cancelling becomes a bit clunkier. Another solution could be to add a setting that changes the "Copy Code and Proceed" button to "Copy URL and Proceed". Do you have any thoughts/suggestions?
For it to work for me the key thing is to allow me to copy the url without treating that as cancellation.
An unrelated thing is the requirement to copy the code. The AWS cli itself manages to launch a browser window such that the login process includes the code automatically.
For instance, running aws sso login
inside the terminal shell of vscode on the remote connection to the VM, results in (presumably through xdg-open interception or something similar) a dialog to open https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-YYYY
, which automatically applies the code.
Possibly there is some reason the vscode extension can't do this, but if it could it would be nice to craft something like:
1) trigger login in the extension
2) construct code as normal
3) request open for https://device.sso.us-east-1.amazonaws.com/?user_code={{code}}
4) ignore the response to the url open prompt
5) if someone attempts a new login, cancel the prior attempt
6) if the code expires cancel the login attempt
For it to work for me the key thing is to allow me to copy the url without treating that as cancellation.
Yup makes sense. The native VSC UI to copy the URL doesn't always show depending on your settings so I'm thinking it might make sense to expose a separate entry point of some sort.
if someone attempts a new login, cancel the prior attempt
Good suggestion! This is something we should add anyway.
a dialog to open https://device.sso.us-east-1.amazonaws.com/?user_code=XXXX-YYYY , which automatically applies the code.
The extension used to have this behavior but this was removed in https://github.com/aws/aws-toolkit-vscode/pull/3148 due to phishing/security concerns.
Problem
I can't figure out how to get the extension logged in so the explorer works
Steps to reproduce the issue
Clean slate
install firefox, make default browser (perhaps unrelated, IDK).
install chrome
create a default chrome profile
create a second chrome profile for 'work', log into AWS identity centre in that profile
create a Hyper-V VM, install ubuntu
inside that VM install aws cli v2.current and run
aws configure sso
, verify it worksinstall vscode, add the remote extension, connect to the VM as a remote folder
add vscode AWS extension, click on the
Copy the code and put it aside
Select 'copy' when given the URL, rather than open, because the default browser doesn't have AWS credentials.
Paste the URL into the chrome work profile
paste the stashed code into the prompt
approve the request
close the browser window
observe that the VS code extension still says it is expired or invalid
System details (run the
AWS: About Toolkit
command)OS: Linux x64 5.15.0-1033-azure Visual Studio Code extension host: 1.76.1 AWS Toolkit: 1.64.0 node: 16.14.2