Best-effort auto-close of the SSO login browser tab#10481
Open
saipavan9 wants to merge 1 commit into
Open
Conversation
After a successful `aws sso login` Authorization Code flow, the local callback page now attempts to close its own browser tab and shows an honest message telling the user they can close it manually if the browser does not. Browsers only permit window.close() on tabs that were opened by script or that have a single history entry, so this closes the tab on a warm re-auth and is a harmless no-op after an interactive login. No new flags or plumbing are added; the behavior lives entirely in the served callback page.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #9585.
After a successful
aws sso loginAuthorization Code flow, the local callback page now makes a best-effort attempt to close its own browser tab, addressing the tab buildup that several users hit when authenticating frequently.The change is intentionally small and lives entirely in the served callback page.
Behavior and caveat
Browsers only permit
window.close()on a tab that was opened by script or that has a single session-history entry.aws sso loginopens the browser via the OS default handler (webbrowser.open_new_tab), so:window.close()is a silent no-op. The page falls back to the existing success message, now reworded to tell the user they can close the tab themselves.This matches how other CLIs behave (
gcloud,az login,gh authall display a "you may close this window" message rather than reliably closing the OS-opened tab), so the change is additive and cannot regress the current experience. The wording was deliberately made truthful ("This tab will try to close automatically, if it is still open, you can safely close it now") to avoid implying a guarantee the browser may not honor.A code comment documents the constraint so the
window.close()call isn't mistaken for dead code later.Changes
awscli/customizations/sso/index.html: attemptwindow.close()on a successful (non-error) callback. Reword the success message.tests/unit/customizations/sso/test_utils.py: regression test asserting the served callback page includes the close attempt..changes/next-release/enhancement-sso-4703.json: changelog entry.Testing
All tests pass;
ruff checkis clean.