Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Browser login and Credential process #236

Open
wants to merge 4 commits into
base: master
Choose a base branch
from

Conversation

mcfedr
Copy link

@mcfedr mcfedr commented Jul 29, 2021

There are two features that join into each other:

Browser Login:

Open the users web browser, let him login there, and then we catch the SAML.
Its slightly annoying, because google will only send the SAML to a valid https server. To work around this, I have a server that can be hosted serverless-ly somewhere, and it will forward the SAML to http://127.0.0.1:8000, where the python client is waiting for it.

Credential Process:

AWS cli supports an config, credential_process, that means it can trigger a process to get the credentials for a profile. These changes allow aws-google-auth to be this process. Now everything is magic.

There are a couple of changes required for this - basically aws cli wont call the process if there are any keys in credentials file - even if its expired, but it also doesn't have its own credentials cache, so basically we write the creds to the credentials file under a different name and use this as a cache. I keep it in the credentials file so that the security properties as the same as normal.

@mcfedr
Copy link
Author

mcfedr commented Jul 29, 2021

Has some relations to #142 but I dont handle the interactive flow for credential_process - instead assuming you use the non-interactive browser flow.

mcfedr added 2 commits July 29, 2021 15:09
when resolving aliases, some roles might be used that actually don't work right now, this change allows these to just show the account number
@mcfedr mcfedr force-pushed the credential_process branch from e344db7 to b4a8915 Compare July 29, 2021 12:09
@mcfedr
Copy link
Author

mcfedr commented Jul 29, 2021

Closes ##225 and ##224 as all the commits are merged here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant