From ac6ff1a03c79b59d77aec9a7a2ac70958e465a47 Mon Sep 17 00:00:00 2001
From: Matt Moyer <moyerm@vmware.com>
Date: Wed, 7 Jul 2021 17:17:57 -0500
Subject: [PATCH] Deprecate oidcclient.WithBrowserOpen() option, add simpler
 oidcclient.WithSkipBrowserOpen().

This is a more restrictive library interface that more closely matches the use cases of our new form_post login flow.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
---
 cmd/pinniped/cmd/login_oidc.go |  7 ++-----
 pkg/oidcclient/login.go        | 12 ++++++++++++
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/cmd/pinniped/cmd/login_oidc.go b/cmd/pinniped/cmd/login_oidc.go
index 83542c01..1d6e02b0 100644
--- a/cmd/pinniped/cmd/login_oidc.go
+++ b/cmd/pinniped/cmd/login_oidc.go
@@ -182,12 +182,9 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
 		}
 	}
 
-	// --skip-browser replaces the default "browser open" function with one that prints to stderr.
+	// --skip-browser skips opening the browser.
 	if flags.skipBrowser {
-		opts = append(opts, oidcclient.WithBrowserOpen(func(url string) error {
-			cmd.PrintErr("Please log in: ", url, "\n")
-			return nil
-		}))
+		opts = append(opts, oidcclient.WithSkipBrowserOpen())
 	}
 
 	if len(flags.caBundlePaths) > 0 || len(flags.caBundleData) > 0 {
diff --git a/pkg/oidcclient/login.go b/pkg/oidcclient/login.go
index 836f2790..baa9ac19 100644
--- a/pkg/oidcclient/login.go
+++ b/pkg/oidcclient/login.go
@@ -158,6 +158,9 @@ func WithScopes(scopes []string) Option {
 
 // WithBrowserOpen overrides the default "open browser" functionality with a custom callback. If not specified,
 // an implementation using https://github.com/pkg/browser will be used by default.
+//
+// Deprecated: this option will be removed in a future version of Pinniped. See the
+// WithSkipBrowserOpen() option instead.
 func WithBrowserOpen(openURL func(url string) error) Option {
 	return func(h *handlerState) error {
 		h.openURL = openURL
@@ -165,6 +168,15 @@ func WithBrowserOpen(openURL func(url string) error) Option {
 	}
 }
 
+// WithSkipBrowserOpen causes the login to only print the authorize URL, but skips attempting to
+// open the user's default web browser.
+func WithSkipBrowserOpen() Option {
+	return func(h *handlerState) error {
+		h.openURL = func(_ string) error { return nil }
+		return nil
+	}
+}
+
 // SessionCacheKey contains the data used to select a valid session cache entry.
 type SessionCacheKey struct {
 	Issuer      string   `json:"issuer"`