fix(lambda): add confirmation prompt before initiating console login#8598
fix(lambda): add confirmation prompt before initiating console login#8598keenwilson wants to merge 5 commits intoaws:masterfrom
Conversation
|
⏳ I'm reviewing this pull request for security vulnerabilities and code quality issues. I'll provide an update when I'm done |
|
✅ I finished the code review, and didn't find any security or code quality issues. |
| }) | ||
| } | ||
|
|
||
| export async function promptConsoleLogin(functionName: string): Promise<boolean> { |
There was a problem hiding this comment.
is functionName being used in this method?
There was a problem hiding this comment.
Thank you for catching this. This param is not used. I will remove it.
| return false | ||
| } | ||
|
|
||
| return response === continueBtn |
There was a problem hiding this comment.
are we handling here what happens if user closes the modal?
There was a problem hiding this comment.
If user "cancel" the modal, users will see "Failed to handle URI" and logs like:
2026-02-23 17:08:26.788 [error] UriHandler: unexpected exception when handling "/lambda/load-function": 'Error: User cancelled operation\n' +
'\t -> Error: User opted out of console login despite no active connection'
| if (!activeConnection) { | ||
| const proceed = await promptConsoleLogin(name) | ||
| if (!proceed) { | ||
| throw new ToolkitError('User opted out of console login despite no active connection', { cancelled: true }) |
There was a problem hiding this comment.
Why would this be an error/Exception? Isn't just a decision from the customer? Does this show a popup with this "error" message? (if the user just hit cancelled, do they need to see a message about that?)
There was a problem hiding this comment.
Thank you for checking this. This error will not pop up to customer.
We will record the reason code of this "cancellation" in telemetry. User will still see this error message in the AWS Toolkit logs if they investigate.
There was a problem hiding this comment.
Agree, I think it should be logged if we want that info but not be an error for the customer
keenwilson
force-pushed
the
fix/ask-before-fallback-console-login
branch
from
5963d5a to
f3af6a6
Compare
3 participants
Problem
When users click “Open in VS Code” from the Lambda console and the request reaches Toolkit without an active connection or with mismatched credentials, Toolkit currently falls back to console credential login (
aws login) immediately. This triggers a browser-based authentication flow without prior notice.Solution
This change adds a modal confirmation dialog before invoking
aws loginin these cases. The dialog explains that Toolkit will sign in using browser-based authentication and states the required prerequisites. Users must explicitly choose to continue before the console login flow starts.The prompt:
This makes the flow intentional, reduces surprise browser redirects, and helps distinguish between informed cancellation and setup issues.
Screenshots
feature/xbranches will not be squash-merged at release time.