Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authorization code grant for AWS SSO #17

Merged
merged 4 commits into from
Dec 27, 2024
Merged

Authorization code grant for AWS SSO #17

merged 4 commits into from
Dec 27, 2024

Conversation

sorah
Copy link
Owner

@sorah sorah commented Dec 27, 2024

following https://aws.amazon.com/about-aws/whats-new/2024/11/aws-command-line-interface-pkce-single-sign-on/

  • aws_sso has been renamed to aws_sso_device_code
  • AWS SSO specific RPCs and --oauth-grant-type has been removed and merged into standard oauth grant type arguments; OTOH: code and device_code now works for grant_type value on AWS SSO servers
  • /oauth/callback path is used for AWS SSO because AWS refuses any other paths
  • Client registration has to be refreshed in order to add allowed grant types and redirect_url. New field epoch is introduced in order to allow triggering refresh by this kind of change.

sorah added 4 commits November 28, 2024 02:32
@sorah
rename: aws_sso => aws_sso_device_code
1558f04 
in order to support grant_type=code and PKCE

following https://aws.amazon.com/about-aws/whats-new/2024/11/aws-command-line-interface-pkce-single-sign-on/
@sorah
remove AwsSso specific proto message and rpc
9851dc8 
eliminate dupe code between AwsSso variant and generic OAuth2 variant

in order to add support for grant_type=code and PKCE in AWS SSO Client

following https://aws.amazon.com/about-aws/whats-new/2024/11/aws-command-line-interface-pkce-single-sign-on/
@sorah
ext_awssso: extract common functions among grant_types
cb5bc0a
@sorah
Implement authorization code grant for AWS SSO
1042a6b 
* /oauth/callback path is used for AWS SSO because AWS refuses any other
  paths
* Client registration has to be refreshed in order to add allowed grant
  types and redirect_url. New field `epoch` is introduced in order to
  allow triggering refresh by this kind of change.

following https://aws.amazon.com/about-aws/whats-new/2024/11/aws-command-line-interface-pkce-single-sign-on/
@sorah sorah merged commit 3228c4f into main Dec 27, 2024
3 checks passed
@sorah sorah deleted the awssso-dupe-el branch December 27, 2024 05:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@sorah