Deprecate oidcclient.WithBrowserOpen() option, add simpler oidcclient.WithSkipBrowserOpen().

This is a more restrictive library interface that more closely matches the use cases of our new form_post login flow.

Signed-off-by: Matt Moyer <moyerm@vmware.com>

cmd/pinniped/cmd/login_oidc.go

@@ -182,12 +182,9 @@ func runOIDCLogin(cmd *cobra.Command, deps oidcLoginCommandDeps, flags oidcLogin
 		}
 	}
 
-	// --skip-browser replaces the default "browser open" function with one that prints to stderr.
+	// --skip-browser skips opening the browser.
 	if flags.skipBrowser {
-		opts = append(opts, oidcclient.WithBrowserOpen(func(url string) error {
+		opts = append(opts, oidcclient.WithSkipBrowserOpen())
-			cmd.PrintErr("Please log in: ", url, "\n")
-			return nil
-		}))
 	}
 
 	if len(flags.caBundlePaths) > 0 || len(flags.caBundleData) > 0 {

pkg/oidcclient/login.go

@@ -158,6 +158,9 @@ func WithScopes(scopes []string) Option {
 
 // WithBrowserOpen overrides the default "open browser" functionality with a custom callback. If not specified,
 // an implementation using https://github.com/pkg/browser will be used by default.
+//
+// Deprecated: this option will be removed in a future version of Pinniped. See the
+// WithSkipBrowserOpen() option instead.
 func WithBrowserOpen(openURL func(url string) error) Option {
 	return func(h *handlerState) error {
 		h.openURL = openURL
@@ -165,6 +168,15 @@ func WithBrowserOpen(openURL func(url string) error) Option {
 	}
 }
 
+// WithSkipBrowserOpen causes the login to only print the authorize URL, but skips attempting to
+// open the user's default web browser.
+func WithSkipBrowserOpen() Option {
+	return func(h *handlerState) error {
+		h.openURL = func(_ string) error { return nil }
+		return nil
+	}
+}
+
 // SessionCacheKey contains the data used to select a valid session cache entry.
 type SessionCacheKey struct {
 	Issuer      string   `json:"issuer"`