We need to deprecate and plan to remove the password_prompt kwarg for the OP() constructor.
Originally the purpose of this kwarg was:
- if the caller didn't provide a password
- and they didn't have a valid
OP_SESSION_<token> set from previously authenticating,
- should we allow the
op command to prompt for authentication on the console, or just fail hard?
Now that authentications paths have gotten more complex (bio/no bio, service accounts, etc), and we have the existing_auth= kwarg, allowing the caller to specify "use if available", "ignore", or "required", the password_prompt preference doesn't make any sense.
We should do the following:
- refactor
_new_or_existing_signin() and _do_normal_signin() where it gets used to rely exclusively on existing_auth
- deprecate the kwarg in
OP()
- if the
password_prompt is passed in as True, either adjust existing_auth or possibly raise an exception if the values conflict
We need to deprecate and plan to remove the
password_promptkwarg for theOP()constructor.Originally the purpose of this kwarg was:
OP_SESSION_<token>set from previously authenticating,opcommand to prompt for authentication on the console, or just fail hard?Now that authentications paths have gotten more complex (bio/no bio, service accounts, etc), and we have the
existing_auth=kwarg, allowing the caller to specify "use if available", "ignore", or "required", thepassword_promptpreference doesn't make any sense.We should do the following:
_new_or_existing_signin()and_do_normal_signin()where it gets used to rely exclusively onexisting_authOP()password_promptis passed in asTrue, either adjustexisting_author possibly raise an exception if the values conflict