fix(sso): re-auth on profile switch + support MAUA (#1226)

* fix(sso): add select_account for MAUA (multiple account user auth)

* fix(sso): re-auth

* refactor(sso): only set hints if non-empty string

* refactor(sso): only set select_account for profile create

* refactor(sso): update code and tests to use /current_customer endpoint

* refactor(sso): update error message to reflect new API call

Co-authored-by: Patrick Hamann <[email protected]>

* fix(sso): remove unnecessary header

* doc(sso): correct CurrentCustomerResponse annotation

* doc(testutil): correct CurrentCustomerClient/CurrentCustomerResponse annotation

* fix(profile/list): use corrert format type for output

* fix(profile/delete): spacing around success output

* fix(profile/list): spacing around success output

* fix(profile/switch): make sure auth server is running

---------

Co-authored-by: Patrick Hamann <[email protected]>

Author: Integralist

pkg/app/run.go

@@ -622,7 +622,7 @@ func commandCollectsData(command string) bool {
 // requires just the authentication server to be running.
 func commandRequiresAuthServer(command string) bool {
 	switch command {
-	case "profile create", "profile update":
+	case "profile create", "profile switch", "profile update":
 		return true
 	}
 	return false

pkg/commands/commands.go

@@ -354,7 +354,7 @@ func Define(
 	profileCreate := profile.NewCreateCommand(profileCmdRoot.CmdClause, data, ssoCmdRoot)
 	profileDelete := profile.NewDeleteCommand(profileCmdRoot.CmdClause, data)
 	profileList := profile.NewListCommand(profileCmdRoot.CmdClause, data)
-	profileSwitch := profile.NewSwitchCommand(profileCmdRoot.CmdClause, data)
+	profileSwitch := profile.NewSwitchCommand(profileCmdRoot.CmdClause, data, ssoCmdRoot)
 	profileToken := profile.NewTokenCommand(profileCmdRoot.CmdClause, data)
 	profileUpdate := profile.NewUpdateCommand(profileCmdRoot.CmdClause, data, ssoCmdRoot)
 	purgeCmdRoot := purge.NewRootCommand(app, data)

pkg/commands/profile/delete.go

@@ -32,6 +32,9 @@ func (c *DeleteCommand) Exec(_ io.Reader, out io.Writer) error {
 		if err := c.Globals.Config.Write(c.Globals.ConfigPath); err != nil {
 			return err
 		}
+		if c.Globals.Verbose() {
+			text.Break(out)
+		}
 		text.Success(out, "Profile '%s' deleted", c.profile)
 
 		if _, p := profile.Default(c.Globals.Config.Profiles); p == nil && len(c.Globals.Config.Profiles) > 0 {

pkg/commands/profile/list.go

@@ -56,6 +56,9 @@ func (c *ListCommand) Exec(_ io.Reader, out io.Writer) error {
 	if p == nil {
 		text.Warning(out, profile.NoDefaults)
 	} else {
+		if c.Globals.Verbose() {
+			text.Break(out)
+		}
 		text.Info(out, "Default profile highlighted in red.\n\n")
 		display(name, p, out, text.BoldRed)
 	}
@@ -76,4 +79,8 @@ func display(k string, v *config.Profile, out io.Writer, style func(a ...any) st
 	text.Output(out, "%s: %s", style("Email"), v.Email)
 	text.Output(out, "%s: %s", style("Token"), v.Token)
 	text.Output(out, "%s: %t", style("SSO"), !auth.IsLongLivedToken(v))
+	if !auth.IsLongLivedToken(v) {
+		text.Output(out, "%s: %s", style("Customer ID"), v.CustomerID)
+		text.Output(out, "%s: %s", style("Customer Name"), v.CustomerName)
+	}
 }

pkg/commands/profile/profile_test.go

@@ -437,6 +437,8 @@ func TestProfileList(t *testing.T) {
     "access_token": "",
     "access_token_created": 0,
     "access_token_ttl": 0,
+    "customer_id": "",
+    "customer_name": "",
     "default": false,
     "email": "[email protected]",
     "refresh_token": "",
@@ -448,6 +450,8 @@ func TestProfileList(t *testing.T) {
     "access_token": "",
     "access_token_created": 0,
     "access_token_ttl": 0,
+    "customer_id": "",
+    "customer_name": "",
     "default": false,
     "email": "[email protected]",
     "refresh_token": "",

pkg/commands/profile/switch.go

@@ -6,6 +6,7 @@ import (
 	"io"
 
 	"github.com/fastly/cli/pkg/argparser"
+	"github.com/fastly/cli/pkg/commands/sso"
 	"github.com/fastly/cli/pkg/global"
 	"github.com/fastly/cli/pkg/profile"
 	"github.com/fastly/cli/pkg/text"
@@ -16,32 +17,58 @@ type SwitchCommand struct {
 	argparser.Base
 
 	profile string
+	ssoCmd  *sso.RootCommand
 }
 
 // NewSwitchCommand returns a usable command registered under the parent.
-func NewSwitchCommand(parent argparser.Registerer, g *global.Data) *SwitchCommand {
+func NewSwitchCommand(parent argparser.Registerer, g *global.Data, ssoCmd *sso.RootCommand) *SwitchCommand {
 	var c SwitchCommand
 	c.Globals = g
+	c.ssoCmd = ssoCmd
 	c.CmdClause = parent.Command("switch", "Switch user profile")
 	c.CmdClause.Arg("profile", "Profile to switch to").Short('p').Required().StringVar(&c.profile)
 	return &c
 }
 
 // Exec invokes the application logic for the command.
-func (c *SwitchCommand) Exec(_ io.Reader, out io.Writer) error {
-	var ok bool
+func (c *SwitchCommand) Exec(in io.Reader, out io.Writer) error {
+	// We get the named profile to check if it's an SSO-based profile.
+	// If we're switching to an SSO-based profile, then we need to re-auth.
+	p := profile.Get(c.profile, c.Globals.Config.Profiles)
+	if p == nil {
+		err := fmt.Errorf(profile.DoesNotExist, c.profile)
+		c.Globals.ErrLog.Add(err)
+		return err
+	}
+	if isSSOToken(p) {
+		// IMPORTANT: We need to set profile fields for `sso` command.
+		//
+		// This is so the `sso` command will use this information to trigger the
+		// correct authentication flow.
+		c.ssoCmd.InvokedFromProfileSwitch = true
+		c.ssoCmd.ProfileSwitchName = c.profile
+		c.ssoCmd.ProfileSwitchEmail = p.Email
+		c.ssoCmd.ProfileSwitchCustomerID = p.CustomerID
+		c.ssoCmd.ProfileDefault = true
+
+		err := c.ssoCmd.Exec(in, out)
+		if err != nil {
+			return fmt.Errorf("failed to authenticate: %w", err)
+		}
+		text.Success(out, "\nProfile switched to '%s'", c.profile)
+		return nil
+	}
 
 	// We call SetDefault for its side effect of resetting all other profiles to have
 	// their Default field set to false.
-	p, ok := profile.SetDefault(c.profile, c.Globals.Config.Profiles)
+	ps, ok := profile.SetDefault(c.profile, c.Globals.Config.Profiles)
 	if !ok {
 		msg := fmt.Sprintf(profile.DoesNotExist, c.profile)
 		err := errors.New(msg)
 		c.Globals.ErrLog.Add(err)
 		return err
 	}
-
-	c.Globals.Config.Profiles = p
+	c.Globals.Config.Profiles = ps
 
 	if err := c.Globals.Config.Write(c.Globals.ConfigPath); err != nil {
 		c.Globals.ErrLog.Add(err)