Allow login on headless systems

[svenk]

Problem description

The CLI login command won't work at a (Linux) system without a running graphical window system. Typical examples are servers or jumphosts:

$ ./stackit auth login
Error: authorization failed: open browser to URL https://accounts.stackit.cloud/oauth/v2/authorize?client_id=stackit-cli-0000-0000-000000000001&code_challenge=dPQm6Vpnqnu8w6u-c3ieLizxbiJI8hGIPxYo65TX3jQ&code_challenge_method=S256&redirect_uri=http%3A%2F%2Flocalhost%3A8000&response_type=code&scope=openid+offline_access+email: exec: "xdg-open": executable file not found in $PATH

This is frustrating, you need to have an X11 environment in order to use a CLI tool.

Proposed solution

Print a URL which a user can visit on a system with a browser where he can manually read off and manually feed back a key back to the stackit-cli. In principle this is already how the challenge works today, as calling the URL above redirects to http://localhost:8000/?code=TheChallengeCode... but there is no way to feed back this code into the CLI.

A suggested API could be: stackit auth login-headless which emits the URL and waits for input.(STACKIT) Cloud Foundry, or in particular the cf CLI, has exactly this workflow:

% cf login -a https://api.system.01.cf.eu01.stackit.cloud --sso
API endpoint: https://api.system.01.cf.eu01.stackit.cloud

Temporary Authentication Code ( Get one at https://login.system.01.cf.eu01.stackit.cloud/passcode ): 

You can then visit https://login.system.01.cf.eu01.stackit.cloud/passcode and put the code there.

Alternative solutions (optional)

A service account is the only way right now.

[marceljk]

Hello,

Thank you for reporting your feature request. We already have a ticket in our backlog, to support device code flow, which will solve the issue.

Best regards
Marcel from the STACKIT Developer Tools