From c7f4b77d8281661b05547d84be49a4ac7e7af834 Mon Sep 17 00:00:00 2001
From: Eirik Nygaard <eirik.nygaard@yahooinc.com>
Date: Tue, 26 Nov 2024 08:51:12 +0100
Subject: [PATCH 1/2] Only successful login if persistence of tokens was
 succesful

---
 client/go/internal/cli/cmd/login.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/client/go/internal/cli/cmd/login.go b/client/go/internal/cli/cmd/login.go
index 3d63266afbce..ff9db35d5152 100644
--- a/client/go/internal/cli/cmd/login.go
+++ b/client/go/internal/cli/cmd/login.go
@@ -75,8 +75,6 @@ This command runs a browser-based authentication flow for the Vespa Cloud contro
 				return fmt.Errorf("login error: %w", err)
 			}
 
-			cli.printSuccess("Logged in")
-
 			// store the refresh token
 			secretsStore := &auth.Keyring{}
 			err = secretsStore.Set(auth.SecretsNamespace, system.Name, res.RefreshToken)
@@ -93,7 +91,9 @@ This command runs a browser-based authentication flow for the Vespa Cloud contro
 			if err := a.WriteCredentials(creds); err != nil {
 				return fmt.Errorf("failed to write credentials: %w", err)
 			}
-			return err
+
+			cli.printSuccess("Logged in")
+			return nil
 		},
 	}
 }

From efde493821fd40c76aee45c2d8cb27e10b89672f Mon Sep 17 00:00:00 2001
From: Eirik Nygaard <eirik.nygaard@yahooinc.com>
Date: Tue, 26 Nov 2024 09:43:36 +0100
Subject: [PATCH 2/2] Add hints and proper error message for SSO enforcement

---
 client/go/internal/cli/cmd/login.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/client/go/internal/cli/cmd/login.go b/client/go/internal/cli/cmd/login.go
index ff9db35d5152..2c0e09369f1a 100644
--- a/client/go/internal/cli/cmd/login.go
+++ b/client/go/internal/cli/cmd/login.go
@@ -72,7 +72,14 @@ This command runs a browser-based authentication flow for the Vespa Cloud contro
 			})
 
 			if err != nil {
-				return fmt.Errorf("login error: %w", err)
+				switch err.Error() {
+				case "600":
+					return errHint(fmt.Errorf("Unable to login through social channels"),
+						"Your organization does not allow logging in through our social channels",
+						"Please login by entering your address into the email field")
+				default:
+					return fmt.Errorf("login error: %w", err)
+				}
 			}
 
 			// store the refresh token