Re-authenticate with an edge-authenticated or OIDC gateway. Dispatches to the appropriate auth flow based on `auth_mode`.
(name: &str, gateway_insecure: bool)
| 1205 | /// |
| 1206 | /// Dispatches to the appropriate auth flow based on `auth_mode`. |
| 1207 | pub async fn gateway_login(name: &str, gateway_insecure: bool) -> Result<()> { |
| 1208 | let metadata = openshell_bootstrap::load_gateway_metadata(name).map_err(|_| { |
| 1209 | miette::miette!( |
| 1210 | "Unknown gateway '{name}'.\n\ |
| 1211 | List available gateways: openshell gateway select" |
| 1212 | ) |
| 1213 | })?; |
| 1214 | |
| 1215 | match metadata.auth_mode.as_deref() { |
| 1216 | Some("cloudflare_jwt") => { |
| 1217 | let token = crate::auth::browser_auth_flow(&metadata.gateway_endpoint).await?; |
| 1218 | openshell_bootstrap::edge_token::store_edge_token(name, &token)?; |
| 1219 | eprintln!("{} Authenticated to gateway '{name}'", "✓".green().bold()); |
| 1220 | } |
| 1221 | Some("oidc") => { |
| 1222 | let issuer = metadata.oidc_issuer.as_deref().ok_or_else(|| { |
| 1223 | miette::miette!("Gateway '{name}' has OIDC auth but no issuer URL in metadata") |
| 1224 | })?; |
| 1225 | let client_id = metadata |
| 1226 | .oidc_client_id |
| 1227 | .as_deref() |
| 1228 | .unwrap_or("openshell-cli"); |
| 1229 | let audience = metadata.oidc_audience.as_deref(); |
| 1230 | let scopes = metadata.oidc_scopes.as_deref(); |
| 1231 | |
| 1232 | let bundle = if std::env::var("OPENSHELL_OIDC_CLIENT_SECRET").is_ok() { |
| 1233 | crate::oidc_auth::oidc_client_credentials_flow( |
| 1234 | issuer, |
| 1235 | client_id, |
| 1236 | audience, |
| 1237 | scopes, |
| 1238 | gateway_insecure, |
| 1239 | ) |
| 1240 | .await? |
| 1241 | } else { |
| 1242 | crate::oidc_auth::oidc_browser_auth_flow( |
| 1243 | issuer, |
| 1244 | client_id, |
| 1245 | audience, |
| 1246 | scopes, |
| 1247 | gateway_insecure, |
| 1248 | ) |
| 1249 | .await? |
| 1250 | }; |
| 1251 | |
| 1252 | let username = jwt_preferred_username(&bundle.access_token); |
| 1253 | openshell_bootstrap::oidc_token::store_oidc_token(name, &bundle)?; |
| 1254 | |
| 1255 | if let Some(user) = username { |
| 1256 | eprintln!( |
| 1257 | "{} Authenticated to gateway '{name}' as {user}", |
| 1258 | "✓".green().bold(), |
| 1259 | ); |
| 1260 | } else { |
| 1261 | eprintln!("{} Authenticated to gateway '{name}'", "✓".green().bold()); |
| 1262 | } |
| 1263 | } |
| 1264 | _ => { |
no test coverage detected