search

hashicorp / boundary

Boundary enables identity-based access management for dynamic infrastructure.
https://boundaryproject.io
Other
3.84k stars 287 forks source link

Authentication tokens are not stored to keychain on Mac when using `-format=json` #3159

Closed mmussomele closed 1 year ago

mmussomele commented 1 year ago

Describe the bug Authentication tokens are not stored to keychain on Mac when using -format=json

To Reproduce Steps to reproduce the behavior:

  1. Run boundary authenticate oidc --format=json on MacOS
  2. Run any command that would require the resulting token
  3. The command should fail

Expected behavior Command 2 should succeed.

Additional context Maybe this behavior is intended (e.g. "the user asked for the json output so they intend to save the token themselves"), but none of the docs I could find (here, here, here or by doing boundary authenticate oidc --help) indicate that this behavior will occur. The token is just silently omitted from the keychain.

hugoghx commented 1 year ago

Hey @mmussomele,

I've looked into this and can confirm it is intended behaviour.

Since outputting in JSON is designed to allow for sending the output to other tools, it's reasonable to assume in this case that the user wants that authentication information to be passed along to another tool for storage.

You can find that in this function, we don't attempt to store to the keychain if we are outputting in JSON.

As you mentioned, I haven't found any documentation on this, so I have a PR up to fix that (see above)

Thanks for your report! 😃