codeeno
diff --git a/‎app.js‎
Lines changed: 29 additions & 14 deletions b/‎app.js‎
Lines changed: 29 additions & 14 deletions
diff --git a/‎lib/error.js‎
Lines changed: 3 additions & 0 deletions b/‎lib/error.js‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎lib/web.js‎
Lines changed: 37 additions & 0 deletions b/‎lib/web.js‎
Lines changed: 37 additions & 0 deletions
@@ -1,7 +1,11 @@
 #!/usr/bin/env node
+
 import yargs from "yargs";
+import chalk from "chalk";
+import open from "open";
 import { hideBin } from "yargs/helpers";
 import Configstore from "configstore";
+import { getSigninUrl } from "./lib/web.js";
 import { refreshCredentials } from "./lib/auth.js";
 import { handleError } from "./lib/error.js";
 import {
@@ -23,19 +27,20 @@ const configstore = new Configstore("aws-sso-cli");
 
 const signInHandler = async (argv) => {
   try {
-    const profile =
-      "profile" in argv
-        ? argv.profile
-        : await chooseProfile(configstore);
-        
+    const profile = "profile" in argv ? argv.profile : await chooseProfile(configstore);
+
     const config = await refreshCredentials(loadConfig(configstore, profile), argv.forceNewToken);
     updateConfig(configstore, profile, config);
-    const { token: { accessToken }, region, } = config;
+    const {
+      token: { accessToken },
+      region,
+    } = config;
 
     const { accountId } =
       "account" in argv
         ? await findAccountByName(accessToken, argv.account, region)
         : await chooseAccount(accessToken, region);
+
     const { roleName } =
       "role" in argv
         ? await findRoleByName(accessToken, argv.role, accountId, region)
@@ -45,14 +50,19 @@ const signInHandler = async (argv) => {
       roleCredentials: { accessKeyId, secretAccessKey, sessionToken },
     } = await getCredentials(accessToken, accountId, roleName, region);
 
-    console.log(
-      "",
-      `export AWS_ACCESS_KEY_ID=${accessKeyId}`,
-      "\n",
-      `export AWS_SECRET_ACCESS_KEY=${secretAccessKey}`,
-      "\n",
-      `export AWS_SESSION_TOKEN=${sessionToken}`
-    );
+    if (argv.web) {
+      open(await getSigninUrl(accessKeyId, secretAccessKey, sessionToken, region));
+    } else {
+      console.log(
+        "",
+        `export AWS_ACCESS_KEY_ID=${accessKeyId}`,
+        "\n",
+        `export AWS_SECRET_ACCESS_KEY=${secretAccessKey}`,
+        "\n",
+        `export AWS_SESSION_TOKEN=${sessionToken}`
+      );
+    }
+    console.error(chalk.bold.green("\nAll set!"));
   } catch (err) {
     handleError(err);
   }
@@ -115,5 +125,10 @@ yargs(hideBin(process.argv))
     describe: "Force fetch a new access token for AWS SSO.",
     type: "boolean",
   })
+  .option("w", {
+    alias: "web",
+    describe: "Open selected AWS account in your web browser.",
+    type: "boolean",
+  })
   .wrap(90)
   .help("help", "Show help.").argv;
@@ -21,6 +21,9 @@ export const handleError = (error) => {
   else if (error.code === "ERR_ROLE_NOT_FOUND") {
     console.error("Error: The specified role could not be found for the specified AWS account.");
   }
+  else if (error.code === "ERR_GET_SIGNIN_URL") {
+    console.error(error.message);
+  }
   else {
     console.error(error);
   }
 
@@ -0,0 +1,37 @@
+import axios from "axios";
+import os from "os";
+import { buildError } from "./error.js";
+
+const buildURLQuery = (obj) =>
+  Object.entries(obj)
+    .map((pair) => pair.map(encodeURIComponent).join("="))
+    .join("&");
+
+export const getSigninUrl = async (accessKeyId, secretAccessKey, sessionToken, region) => {
+  const federationUrl = "https://signin.aws.amazon.com/federation";
+  const destinationUrl = `https://console.aws.amazon.com/console/home?region=${region}`;
+
+  try {
+    const response = await axios.get(federationUrl, {
+      params: {
+        Action: "getSigninToken",
+        Session: JSON.stringify({
+          sessionId: accessKeyId,
+          sessionKey: secretAccessKey,
+          sessionToken: sessionToken,
+        }),
+      },
+    });
+
+    const urlParams = buildURLQuery({
+      Action: "login",
+      Issuer: encodeURI(os.hostname),
+      Destination: encodeURI(destinationUrl),
+      SigninToken: encodeURI(response?.data?.SigninToken),
+    });
+
+    return `${federationUrl}?${urlParams}`;
+  } catch (err) {
+    throw buildError("ERR_GET_SIGNIN_URL", `${err}`);
+  }
+};
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,9 @@ export const handleError = (error) => {`
`21`	`21`	`else if (error.code === "ERR_ROLE_NOT_FOUND") {`
`22`	`22`	`console.error("Error: The specified role could not be found for the specified AWS account.");`
`23`	`23`	`}`
	`24`	`+ else if (error.code === "ERR_GET_SIGNIN_URL") {`
	`25`	`+ console.error(error.message);`
	`26`	`+ }`
`24`	`27`	`else {`
`25`	`28`	`console.error(error);`
`26`	`29`	`}`