Skip to content

Best-effort auto-close of the SSO login browser tab#10481

Open
saipavan9 wants to merge 1 commit into
aws:v2from
saipavan9:sso-login-auto-close-tab
Open

Best-effort auto-close of the SSO login browser tab#10481
saipavan9 wants to merge 1 commit into
aws:v2from
saipavan9:sso-login-auto-close-tab

Conversation

@saipavan9

@saipavan9 saipavan9 commented Jul 9, 2026

Copy link
Copy Markdown

Summary

Closes #9585.

After a successful aws sso login Authorization Code flow, the local callback page now makes a best-effort attempt to close its own browser tab, addressing the tab buildup that several users hit when authenticating frequently.

The change is intentionally small and lives entirely in the served callback page.

Behavior and caveat

Browsers only permit window.close() on a tab that was opened by script or that has a single session-history entry. aws sso login opens the browser via the OS default handler (webbrowser.open_new_tab), so:

  • Warm re-auth (a pure redirect chain, single history entry) → the tab closes automatically. ✅
  • Interactive login (sign-in form, MFA, "Allow access") → the tab has more than one history entry, so window.close() is a silent no-op. The page falls back to the existing success message, now reworded to tell the user they can close the tab themselves.

This matches how other CLIs behave (gcloud, az login, gh auth all display a "you may close this window" message rather than reliably closing the OS-opened tab), so the change is additive and cannot regress the current experience. The wording was deliberately made truthful ("This tab will try to close automatically, if it is still open, you can safely close it now") to avoid implying a guarantee the browser may not honor.

A code comment documents the constraint so the window.close() call isn't mistaken for dead code later.

Changes

  • awscli/customizations/sso/index.html: attempt window.close() on a successful (non-error) callback. Reword the success message.
  • tests/unit/customizations/sso/test_utils.py: regression test asserting the served callback page includes the close attempt.
  • .changes/next-release/enhancement-sso-4703.json: changelog entry.

Testing

python -m pytest tests/unit/customizations/sso/test_utils.py tests/functional/sso/test_login.py

All tests pass; ruff check is clean.

After a successful `aws sso login` Authorization Code flow, the local
callback page now attempts to close its own browser tab and shows an
honest message telling the user they can close it manually if the
browser does not.

Browsers only permit window.close() on tabs that were opened by script
or that have a single history entry, so this closes the tab on a warm
re-auth and is a harmless no-op after an interactive login. No new flags
or plumbing are added; the behavior lives entirely in the served
callback page.
@saipavan9 saipavan9 requested a review from a team as a code owner July 9, 2026 06:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant