Allow login on headless systems #1190

@svenk

Problem description

The CLI login command won't work on a (Linux) system without a running graphical window system. Typical examples are servers or jumphosts:

$ ./stackit auth login
Error: authorization failed: open browser to URL https://accounts.stackit.cloud/oauth/v2/authorize?client_id=stackit-cli-0000-0000-000000000001&code_challenge=dPQm6Vpnqnu8w6u-c3ieLizxbiJI8hGIPxYo65TX3jQ&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8000&response_type=code&scope=openid+offline_access+email: exec: "xdg-open": executable file not found in $PATH

This is frustrating: you need to have an X11 environment in order to use a CLI tool.

Proposed solution

Print a URL which a user can visit on a system with a browser, where he can manually read off a key and manually feed it back to the stackit-cli. In principle this is already how the challenge works today, as calling the URL above redirects to http://localhost:8000/?code=TheChallengeCode... but there is no way to feed back this code into the CLI.

A suggested API could be: stackit auth login-headless which emits the URL and waits for input.

(STACKIT) Cloud Foundry, or in particular the cf CLI, has exactly this workflow:

% cf login -a https://api.system.01.cf.eu01.stackit.cloud --sso
API endpoint: https://api.system.01.cf.eu01.stackit.cloud

Temporary Authentication Code ( Get one at https://login.system.01.cf.eu01.stackit.cloud/passcode ): 

You can then visit https://login.system.01.cf.eu01.stackit.cloud/passcode and put the code there.

Alternative solutions (optional)

A service account is the only way right now.
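
The flow proposed above, as an added Go sketch (not stackit-cli code): build the PKCE authorization URL to print, then validate the redirect URL the user pastes back before using its code. The function names and the `state` parameter are assumptions of this example; the endpoint, client ID, scope and redirect URI are the ones in the error message.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

const redirectURI = "http://localhost:8000" // loopback redirect from the issue's URL

// challengeS256 derives the PKCE code_challenge from a verifier (RFC 7636).
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// buildAuthURL returns the URL to print; state is an assumption (the issue's URL has none).
func buildAuthURL(verifier, state string) string {
	return "https://accounts.stackit.cloud/oauth/v2/authorize?" + url.Values{
		"client_id": {"stackit-cli-0000-0000-000000000001"}, "response_type": {"code"},
		"redirect_uri": {redirectURI}, "scope": {"openid offline_access email"},
		"code_challenge": {challengeS256(verifier)}, "code_challenge_method": {"S256"},
		"state": {state},
	}.Encode()
}

// extractCode validates the redirect URL the user pastes back and returns its code.
func extractCode(pasted, wantState string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(pasted))
	if err != nil || u.Scheme+"://"+u.Host != redirectURI {
		return "", fmt.Errorf("not a redirect to %s", redirectURI)
	}
	if q := u.Query(); q.Get("state") == wantState && q.Get("code") != "" {
		return q.Get("code"), nil
	}
	return "", fmt.Errorf("state mismatch or missing code")
}

func main() {
	b := make([]byte, 48) // 32 random bytes for the verifier, 16 for the state
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	enc := base64.RawURLEncoding.EncodeToString
	fmt.Println("Open in a browser, then paste the redirect URL:", buildAuthURL(enc(b[:32]), enc(b[32:])))
}
```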
