console command doesn't logout from aws account before logging in #707

Open
marchenm opened this issue Jul 30, 2021 · 3 comments

marchenm commented Jul 30, 2021

When using saml2aws console with multiple accounts, the accounts don't automatically log out.

Would it be possible to logout any active sessions and then sign in?

@marchenm marchenm changed the title console command dpesm console command doesn't logout Jul 30, 2021
@marchenm marchenm changed the title console command doesn't logout console command doesn't logout from aws account before logging in Jul 30, 2021

sonicintrusion commented Jun 6, 2024

I'm finding it a chore to have to click that "logout" link and then initiate the command again from the cli.

i used to use aws-vault and the same problem exists on that tool too. some users have posted various workarounds so there is hope for us. (for context: 99designs/aws-vault#721)

@sonicintrusion

Further info (in case anyone is also interested).... the logout function isn't respecting the redirect_uri function. it will always bring up the https://aws.amazon.com/console/ page once it's logged out, so it's pretty impossible to get a clean logout-to-login process working. the messy way is to just do the logout and get saml2aws to open a new page:

example (not working)

open -a "Google Chrome.app" "https://signin.aws.amazon.com/oauth?Action=logout&redirect_uri=$(saml2aws -a "${PROFILE}" console --link)"

example (working):

open -a "Google Chrome.app" "https://signin.aws.amazon.com/oauth?Action=logout"
saml2aws -a "${PROFILE}" console


sonicintrusion commented Jun 6, 2024

oh boy what a rabbit hole... this guy found the working URL - it only works in us-east-1:
https://serverfault.com/questions/985255/is-it-possible-to-switch-between-aws-accounts-without-signing-out-first#comment1460111_1097528

working script:

#!/usr/bin/env bash

PROFILE=${1:-default}

chrome="Google Chrome Dev.app"

# this URL works with the redirect_uri
SIGNIN="https://us-east-1.signin.aws.amazon.com/oauth?Action=logout&redirect_uri=https%3A%2F%2Fus-east-1.signin.aws.amazon.com%2Ffederation%3FAction%3Dlogin%26Destination%3Dhttps%253A%252F%252Fus-west-2.console.aws.amazon.com%252Fconsole%252Fhome%26SigninToken"

# this extracts the TOKEN from saml2
TOKEN=$(saml2aws -a "${PROFILE}" console --link | cut -d'=' -f5)

# open works on Mac
open -a "${chrome}" "${SIGNIN}=${TOKEN}"
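
A more defensive variant of the script above, as an added example that is not code from the issue thread: it looks up `SigninToken` by parameter name rather than by `cut` field position, rejects an empty or malformed value, and percent-encodes the whole login URL (including `=` and the token) into `redirect_uri`. The function names and the sample link are constructed, and it assumes the endpoint percent-decodes `redirect_uri` once.

```sh
#!/bin/sh
# Added example, not code from the issue. Function names are hypothetical.
LOGOUT='https://us-east-1.signin.aws.amazon.com/oauth?Action=logout&redirect_uri='
LOGIN='https://us-east-1.signin.aws.amazon.com/federation?Action=login'

# Print the SigninToken value (still percent-encoded), found by parameter name.
extract_signin_token() (
  LC_ALL=C
  case $1 in *\?*) ;; *) exit 1 ;; esac
  query=${1#*\?}; query=${query%%#*}
  set -f; IFS='&'             # split on '&' only, with globbing disabled
  for pair in $query; do
    case $pair in
      SigninToken=*)
        token=${pair#SigninToken=}
        # Fail closed on an empty value or bytes outside unreserved + '%'.
        case $token in '' | *[!A-Za-z0-9._~%-]*) exit 1 ;; esac
        printf '%s\n' "$token"
        exit 0 ;;
    esac
  done
  exit 1
)

# Percent-encode every byte outside the RFC 3986 unreserved set (ASCII input).
urlencode() (
  LC_ALL=C
  s=$1 out=
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
    s=$rest
  done
  printf '%s\n' "$out"
)

# $1 = login link, $2 = console destination. Output holds a sign-in credential: do not log it.
build_logout_login_url() (
  token=$(extract_signin_token "$1") || exit 1
  dest=$(urlencode "$2")
  printf '%s%s\n' "$LOGOUT" "$(urlencode "$LOGIN&Destination=$dest&SigninToken=$token")"
)
# Constructed sample link, not real saml2aws output.
SAMPLE='https://signin.aws.amazon.com/federation?Action=login&Issuer=&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F&SigninToken=EXAMPLE-token_123'
build_logout_login_url "$SAMPLE" 'https://us-west-2.console.aws.amazon.com/console/home'
```

In real use the first argument would be `"$(saml2aws -a "${PROFILE}" console --link)"` and the printed URL would be passed to `open`.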
