add passwordless option that defaults to false

Author: gord5500

src/D2L.Bmx/BmxConfig.cs

@@ -6,5 +6,6 @@ internal record BmxConfig(
 	string? Account,
 	string? Role,
 	string? Profile,
-	int? Duration
+	int? Duration,
+	bool? Passwordless
 );

src/D2L.Bmx/BmxConfigProvider.cs

@@ -44,13 +44,22 @@ public BmxConfig GetConfiguration() {
 			duration = configDuration;
 		}
 
+		bool? passwordless = null;
+		if( !string.IsNullOrEmpty( data.Global["passwordless"] ) ) {
+			if( !bool.TryParse( data.Global["passwordless"], out bool configPasswordless ) ) {
+				throw new BmxException( "Invalid passwordless in config" );
+			}
+			passwordless = configPasswordless;
+		}
+
 		return new BmxConfig(
 			Org: data.Global["org"],
 			User: data.Global["user"],
 			Account: data.Global["account"],
 			Role: data.Global["role"],
 			Profile: data.Global["profile"],
-			Duration: duration
+			Duration: duration,
+			Passwordless: passwordless
 		);
 	}
 
@@ -75,6 +84,9 @@ public void SaveConfiguration( BmxConfig config ) {
 		if( config.Duration.HasValue ) {
 			data.Global["duration"] = $"{config.Duration}";
 		}
+		if( config.Passwordless.HasValue ) {
+			data.Global["passwordless"] = $"{config.Passwordless}";
+		}
 
 		fs.Position = 0;
 		fs.SetLength( 0 );

src/D2L.Bmx/Browser.cs

@@ -32,7 +32,7 @@ public class Browser {
 		}
 
 		var launchOptions = new LaunchOptions {
-			Headless = true,
+			Headless = false,
 			ExecutablePath = browserPath,
 			Args = noSandbox ? ["--no-sandbox"] : []
 		};

src/D2L.Bmx/ConfigureHandler.cs

@@ -9,7 +9,8 @@ public void Handle(
 		string? org,
 		string? user,
 		int? duration,
-		bool nonInteractive
+		bool nonInteractive,
+		bool? passwordless
 	) {
 
 		if( string.IsNullOrEmpty( org ) && !nonInteractive ) {
@@ -24,13 +25,18 @@ bool nonInteractive
 			duration = consolePrompter.PromptDuration();
 		}
 
+		if( passwordless is null && !nonInteractive ) {
+			passwordless = consolePrompter.PromptPasswordless();
+		}
+
 		BmxConfig config = new(
 			Org: org,
 			User: user,
 			Account: null,
 			Role: null,
 			Profile: null,
-			Duration: duration
+			Duration: duration,
+			Passwordless: passwordless
 		);
 		configProvider.SaveConfiguration( config );
 		Console.WriteLine( "Your configuration has been created. Okta sessions will now also be cached." );

src/D2L.Bmx/ConsolePrompter.cs

@@ -13,6 +13,7 @@ internal interface IConsolePrompter {
 	string PromptRole( string[] roles );
 	OktaMfaFactor SelectMfa( OktaMfaFactor[] mfaOptions );
 	string GetMfaResponse( string mfaInputPrompt, bool maskInput );
+	bool PromptPasswordless();
 }
 
 internal class ConsolePrompter : IConsolePrompter {
@@ -107,6 +108,15 @@ string IConsolePrompter.PromptRole( string[] roles ) {
 		return roles[index - 1];
 	}
 
+	bool IConsolePrompter.PromptPasswordless() {
+		Console.Error.Write( $"{ParameterDescriptions.Passwordless} (y/n): " );
+		string? input = Console.ReadLine();
+		if( input is null || input.Length != 1 || ( input[0] != 'y' && input[0] != 'n' ) ) {
+			throw new BmxException( "Invalid passwordless input" );
+		}
+		return input[0] == 'y';
+	}
+
 	OktaMfaFactor IConsolePrompter.SelectMfa( OktaMfaFactor[] mfaOptions ) {
 		Console.Error.WriteLine( "MFA Required" );
 

src/D2L.Bmx/LoginHandler.cs

@@ -6,14 +6,22 @@ OktaAuthenticator oktaAuth
 	public async Task HandleAsync(
 		string? org,
 		string? user,
-		bool experimental
+		bool experimental,
+		bool? passwordless
 	) {
 		if( !File.Exists( BmxPaths.CONFIG_FILE_NAME ) ) {
 			throw new BmxException(
 				"BMX global config file not found. Okta sessions will not be saved. Please run `bmx configure` first."
 			);
 		}
-		await oktaAuth.AuthenticateAsync( org, user, nonInteractive: false, ignoreCache: true, experimental: experimental );
+		await oktaAuth.AuthenticateAsync(
+			org,
+			user,
+			nonInteractive: false,
+			ignoreCache: true,
+			experimental: experimental,
+			passwordless: passwordless
+		);
 		Console.WriteLine( "Successfully logged in and Okta session has been cached." );
 	}
 }

src/D2L.Bmx/OktaAuthenticator.cs

@@ -25,7 +25,8 @@ public async Task<OktaAuthenticatedContext> AuthenticateAsync(
 		string? user,
 		bool nonInteractive,
 		bool ignoreCache,
-		bool experimental
+		bool experimental,
+		bool? passwordless
 	) {
 		var orgSource = ParameterSource.CliArg;
 		if( string.IsNullOrEmpty( org ) && !string.IsNullOrEmpty( config.Org ) ) {
@@ -55,12 +56,18 @@ bool experimental
 			consoleWriter.WriteParameter( ParameterDescriptions.User, user, userSource );
 		}
 
+		if( passwordless is null && config.Passwordless is not null ) {
+			passwordless = config.Passwordless;
+		}
+
 		var oktaAnonymous = oktaClientFactory.CreateAnonymousClient( org );
 
 		if( !ignoreCache && TryAuthenticateFromCache( org, user, oktaClientFactory, out var oktaAuthenticated ) ) {
 			return new OktaAuthenticatedContext( Org: org, User: user, Client: oktaAuthenticated );
 		}
-		if( await TryAuthenticateWithDSSOAsync( org, user, oktaClientFactory, experimental ) is { } oktaDSSOAuthenticated ) {
+		if( passwordless == true
+			&& await TryAuthenticateWithDSSOAsync( org, user, oktaClientFactory, experimental ) is { } oktaDSSOAuthenticated
+		) {
 			return new OktaAuthenticatedContext( Org: org, User: user, Client: oktaDSSOAuthenticated );
 		}
 		if( nonInteractive ) {
@@ -230,7 +237,14 @@ IResponse response
 
 		var oktaAuthenticatedClient = oktaClientFactory.CreateAuthenticatedClient( org, sessionId );
 		var sessionExpiry = await oktaAuthenticatedClient.GetSessionExpiryAsync();
-		CacheOktaSession( user, org, sessionId, sessionExpiry );
+		if( File.Exists( BmxPaths.CONFIG_FILE_NAME ) ) {
+			CacheOktaSession( user, org, sessionId, sessionExpiry );
+		} else {
+			consoleWriter.WriteWarning( """
+					No config file found. Your Okta session will not be cached.
+					Consider running `bmx configure` if you own this machine.
+					""" );
+		}
 		return oktaAuthenticatedClient;
 	}
 

src/D2L.Bmx/ParameterDescriptions.cs

@@ -20,4 +20,5 @@ internal static class ParameterDescriptions {
 		""";
 
 	public const string Experimental = "Enables experimental features";
+	public const string Passwordless = "Use Okta DSSO to attempt to authenticate without providing a password";
 }

src/D2L.Bmx/PrintHandler.cs

@@ -15,14 +15,16 @@ public async Task HandleAsync(
 		bool nonInteractive,
 		string? format,
 		bool cacheAwsCredentials,
-		bool experimental
+		bool experimental,
+		bool? passwordless
 	) {
 		var oktaContext = await oktaAuth.AuthenticateAsync(
 			org: org,
 			user: user,
 			nonInteractive: nonInteractive,
 			ignoreCache: false,
-			experimental: experimental
+			experimental: experimental,
+			passwordless: passwordless
 		);
 		var awsCreds = ( await awsCredsCreator.CreateAwsCredsAsync(
 			okta: oktaContext,

src/D2L.Bmx/Program.cs

@@ -17,6 +17,10 @@
 var userOption = new Option<string>(
 	name: "--user",
 	description: ParameterDescriptions.User );
+var passwordlessOption = new Option<bool?>(
+	name: "--passwordless",
+	description: ParameterDescriptions.Passwordless
+);
 
 // allow no-sandbox argument for DSSO and future experimental features
 var experimentalOption = new Option<bool>(
@@ -28,6 +32,7 @@
 	orgOption,
 	userOption,
 	experimentalOption,
+	passwordlessOption
 };
 loginCommand.SetHandler( ( InvocationContext context ) => {
 	var consoleWriter = new ConsoleWriter();
@@ -42,7 +47,8 @@
 	return handler.HandleAsync(
 		org: context.ParseResult.GetValueForOption( orgOption ),
 		user: context.ParseResult.GetValueForOption( userOption ),
-		experimental: context.ParseResult.GetValueForOption( experimentalOption )
+		experimental: context.ParseResult.GetValueForOption( experimentalOption ),
+		passwordless: context.ParseResult.GetValueForOption( passwordlessOption )
 	);
 } );
 
@@ -71,6 +77,7 @@
 	userOption,
 	durationOption,
 	nonInteractiveOption,
+	passwordlessOption,
 };
 
 configureCommand.SetHandler( ( InvocationContext context ) => {
@@ -81,7 +88,8 @@
 		org: context.ParseResult.GetValueForOption( orgOption ),
 		user: context.ParseResult.GetValueForOption( userOption ),
 		duration: context.ParseResult.GetValueForOption( durationOption ),
-		nonInteractive: context.ParseResult.GetValueForOption( nonInteractiveOption )
+		nonInteractive: context.ParseResult.GetValueForOption( nonInteractiveOption ),
+		passwordless: context.ParseResult.GetValueForOption( passwordlessOption )
 	);
 	return Task.CompletedTask;
 } );
@@ -127,6 +135,7 @@
 	nonInteractiveOption,
 	cacheAwsCredentialsOption,
 	experimentalOption,
+	passwordlessOption,
 };
 
 printCommand.SetHandler( ( InvocationContext context ) => {
@@ -156,7 +165,8 @@
 		nonInteractive: context.ParseResult.GetValueForOption( nonInteractiveOption ),
 		format: context.ParseResult.GetValueForOption( formatOption ),
 		cacheAwsCredentials: context.ParseResult.GetValueForOption( cacheAwsCredentialsOption ),
-		experimental: context.ParseResult.GetValueForOption( experimentalOption )
+		experimental: context.ParseResult.GetValueForOption( experimentalOption ),
+		passwordless: context.ParseResult.GetValueForOption( passwordlessOption )
 	);
 } );
 
@@ -182,7 +192,8 @@
 	nonInteractiveOption,
 	cacheAwsCredentialsOption,
 	useCredentialProcessOption,
-	experimentalOption
+	experimentalOption,
+	passwordlessOption,
 };
 
 writeCommand.SetHandler( ( InvocationContext context ) => {
@@ -218,7 +229,8 @@
 		profile: context.ParseResult.GetValueForOption( profileOption ),
 		cacheAwsCredentials: context.ParseResult.GetValueForOption( cacheAwsCredentialsOption ),
 		useCredentialProcess: context.ParseResult.GetValueForOption( useCredentialProcessOption ),
-		experimental: context.ParseResult.GetValueForOption( experimentalOption )
+		experimental: context.ParseResult.GetValueForOption( experimentalOption ),
+		passwordless: context.ParseResult.GetValueForOption( passwordlessOption )
 		);
 } );
 

src/D2L.Bmx/WriteHandler.cs

@@ -28,7 +28,8 @@ public async Task HandleAsync(
 		string? profile,
 		bool cacheAwsCredentials,
 		bool useCredentialProcess,
-		bool experimental
+		bool experimental,
+		bool? passwordless
 	) {
 		cacheAwsCredentials = cacheAwsCredentials || useCredentialProcess;
 
@@ -37,7 +38,8 @@ bool experimental
 			user: user,
 			nonInteractive: nonInteractive,
 			ignoreCache: false,
-			experimental: experimental
+			experimental: experimental,
+			passwordless: passwordless
 		);
 		var awsCredsInfo = await awsCredsCreator.CreateAwsCredsAsync(
 			okta: oktaContext,