Skip to content

Add support for device_code flow by selecting a checkbox #7371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add support for device_code flow by selecting a checkbox #7371

wants to merge 1 commit into from

Conversation

j2clerck
Copy link

@j2clerck j2clerck commented May 23, 2025
edited
Loading

Problem

VSCode extension automatically launch authorization_code flow when performing an enterprise authentication and VSCode is running locally.
In some case, VSCode might be running on a computer that cannot perform the enterprise authentication (e.g Virtual Desktop). In this case, it might be useful for end-user to be able to select the device code authentication flow to be able to complete the authentication from another computer.

Solution

This PR implements a checkbox in the login UI to allow the user to select the device code flow (similar process as for remote extension) and then allows the user to copy the authentication URL and use it from the computer which can actually authenticate.

By default the checkbox is not checked.
After successful authentication, the checkbox is reset.

  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.
  • License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@j2clerck j2clerck requested a review from a team as a code owner May 23, 2025 15:01
justinmk3
justinmk3 reviewed May 23, 2025
View reviewed changes
packages/core/src/shared/globalState.ts
@@ -50,6 +50,7 @@ export type globalKey =
| 'aws.amazonq.customization.overrideV2'
| 'aws.amazonq.regionProfiles'
| 'aws.amazonq.regionProfiles.cache'
| 'aws.forceDeviceCodeFlow' // Toggle to force device code flow for authentication
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why store the flag permanently? It might be useful as a one-time choice, but storing it as a permanent choice raises the security risk of this feature.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current implementation logic only stores temporarily the settings. When the authentication process begins, it revert the setting to undefined.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinmk3 justinmk3 justinmk3 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@j2clerck @justinmk3