Merge pull request #1067 from synfinatic/faq-auto-login

add AutoLogin to FAQ
synfinatic · Sep 30, 2024 · f224d3d · f224d3d
2 parents d7d456e + 517d040
commit f224d3d
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/docs/FAQ.md b/docs/FAQ.md
@@ -35,6 +35,16 @@ have to wait a few minutes.
 
 You can see what the AWS ListAccountRoles API is returning via `aws-sso cache -L debug`
 
+### Why does aws-sso say I need to login now?
+
+As of v2.x, `aws-sso` now expects you to explicitly login via the `login` command as training
+users to expect to be auto-prompted via the browser made it more likely an attacker could
+successfully phish their credentials. By requiring logging in to be explictly initiated by
+the user, it becomes easier to identify when browser prompts are legitimately for `aws-sso`.
+
+Users wishing to utilize the previous auto-login mechanisim can use then [AutoLogin](config.md#autologin)
+configuration option.
+
 --
 
 ## Advanced Features