This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

internal/cli: waypoint login supports tokens #1848

Merged: 4 commits merged on Jul 14, 2021

mitchellh
Contributor

This builds on waypoint login introduced in #1831 for OIDC to provide a much nicer token-based login experience.

Prior to this, users had to use waypoint context create and specifically had to use a login token with that. If they had an invite token, they first had to convert it using waypoint token exchange. This is all friction and not obvious to users (though the underlying machinery is important).

Users can now use waypoint login with just the server address and ANY token and the CLI automatically does the right thing. It checks if the token is an invite token and automatically exchanges it. It also infers all the TLS and server connection settings based on the hostname (same as OIDC).

Demo

CleanShot.2021-07-13.at.10.55.13.mp4

mitchellh added this to the 0.5.0 milestone Jul 13, 2021
mitchellh requested a review from a team July 13, 2021 17:59
github-actions bot added the core label Jul 13, 2021
// clientContext is always set to our actual context we used to
// create our client. So this will accurately grab non-flag based
// access i.e. loading our default context.
newContext = *c.clientContext
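
Review bot: The assignment newContext = *c.clientContext dereferences the pointer unconditionally, so it relies entirely on the invariant stated in the comment above it that clientContext is always set. If any path can reach this line before the client has been created, it panics; a nil guard that returns a clear error, or a note in the comment saying where clientContext is assigned, would make that invariant checkable.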

Contributor Author

This also fixes a bug with OIDC, too.

Contributor

krantzinator left a comment

Massive QOL improvement 🚀


// If we have a login token, then we're just done cause that can be stored directly.
if _, ok := token.Kind.(*pb.Token_Login_); ok {
return c.flagToken, 0
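
Review bot: In the login-token branch the type check is made on token, but the value returned is c.flagToken, and nothing in these lines says how the two relate. A one-line comment stating that token is the decoded pb.Token structure and c.flagToken is the string-encoded token would make it clear why the original string is what gets stored; the bare 0 in the return would also benefit from a note on what it signals.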

Contributor

Super yak shave-y question, but wouldn't token here and on line 188 make more semantic sense?

Contributor Author

token is the full pb.Token structure, not the string-encoded token 😄

Contributor

Ah ok, so is the convertResp.Token on line 125 a different type then than the decodeResp.Token?

Contributor

I'm not familiar with the larger OIDC picture yet 🙈 Tomorrow! hah

Contributor Author

Yeah haha. This is just the token system APIs so no need to know OIDC. decodeResp decodes a string token into a *pb.Token and Convert just returns the string token (converted from an invite token).

mitchellh
Contributor Author

Merging this since it fixes a bug with OIDC!

mitchellh merged commit 97f308b into feature/oidc Jul 14, 2021
mitchellh deleted the feature/login-token branch July 14, 2021 15:46