diff --git a/internal/cli/cli.go b/internal/cli/cli.go index 927d7223c..acf8c6104 100644 --- a/internal/cli/cli.go +++ b/internal/cli/cli.go @@ -207,18 +207,23 @@ func (c *cli) prepareTenant(ctx context.Context) (Tenant, error) { return Tenant{}, err } - if t.AccessToken == "" || (scopesChanged(t) && t.authenticatedWithDeviceCodeFlow()) { - return RunLoginAsUser(ctx, c, true) + if scopesChanged(t) && t.authenticatedWithDeviceCodeFlow() { + c.renderer.Warnf("Required scopes have changed. Please sign in to re-authorize the CLI.") + return RunLoginAsUser(ctx, c) } - if !t.hasExpiredToken() { + if t.AccessToken != "" && !t.hasExpiredToken() { return t, nil } if err := t.regenerateAccessToken(ctx, c); err != nil { // Ask and guide the user through the login process. - c.renderer.Errorf("failed to renew access token, %s", err) - return RunLoginAsUser(ctx, c, true) + if t.authenticatedWithDeviceCodeFlow() { + c.renderer.Warnf("Failed to renew access token. Please sign in to re-authenticate the CLI.") + return RunLoginAsUser(ctx, c) + } + + return t, fmt.Errorf("Failed to renew access token. This may occur if the designated application has been deleted or client secret has been rotated. Please re-authenticate by running `auth0 login --as-machine`") } if err := c.addTenant(t); err != nil { diff --git a/internal/cli/login.go b/internal/cli/login.go index 7be564b1c..12ef40d5a 100644 --- a/internal/cli/login.go +++ b/internal/cli/login.go @@ -66,7 +66,12 @@ auth0 login --domain --client-id --client-secret --client-id --client-secret