How does the AWS CLI open a browser and wait for a response before proceeding?


I'm trying to build a golang cli tool for my company and as part of that build login and some other features into the tool. For the life of me I can't figure out how AWS is able to open a browser window and wait for a few button clicks before proceeding from the CLI.

https://docs.aws.amazon.com/singlesignon/latest/OIDCAPIReference/API_StartDeviceAuthorization.html

Here's the CLI command I input

    aws sso login --profile login

    Attempting to automatically open the SSO authorization page in your default browser.
    If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

    https://device.sso.us-east-1.amazonaws.com/

    Then enter the code:

    abcd-efgh
    Successfully logged into Start URL: https://d-1421421423.awsapps.com/start

Here's the Python docs as well for start device auth and create token

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sso-oidc/client/start_device_authorization.html

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sso-oidc/client/create_token.html


There are 1 answers

JacobW On BEST ANSWER

One option that I just threw together that seems to be working is a loop that just checks every second

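        // Poll CreateToken once a second while attempts <= 30, until the user
        // approves the request in the browser.
        for attempts <= 30 {
            fmt.Println(attempts)
            token, err := idc.CreateToken(context.TODO(), &createTokenInput)
            if err != nil {
                // any error is treated as "not approved yet":
                // if debug is enabled show error, then retry
                log.Debug(err.Error())
                attempts++
                // wait 1 second
                time.Sleep(1 * time.Second)
            } else {
                // approved: keep the token response and stop polling
                response = *token
                break
            }
        }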

Edit:

After running `aws sso login --debug` I noticed that the logs are actually looping and running the createToken query over and over, so AWS is doing something similar to the above.
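The polling loop from the answer, as an added example (not code from the post or from the AWS CLI) that goes a step further: it follows the OAuth 2.0 device authorization grant (RFC 8628) by waiting the `interval` returned by StartDeviceAuthorization, backing off on a slow-down response, stopping when the device code expires, and failing fast on any other error instead of retrying it. `TokenFunc`, `PollForToken` and the sentinel errors are hypothetical names standing in for a CreateToken call and its AuthorizationPendingException, SlowDownException and ExpiredTokenException errors.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Stand-ins (assumed names) for the error cases CreateToken can return.
var (
	ErrAuthorizationPending = errors.New("authorization_pending")
	ErrSlowDown             = errors.New("slow_down")
	ErrExpiredToken         = errors.New("expired_token")
	SlowDownStep            = 5 * time.Second // RFC 8628 section 3.5 back-off
)

// TokenFunc is a hypothetical wrapper around a single CreateToken call.
type TokenFunc func(ctx context.Context) (string, error)

// PollForToken polls until the user approves in the browser, the device code expires,
// or a fatal error comes back. interval and expiresIn come from StartDeviceAuthorization.
func PollForToken(ctx context.Context, create TokenFunc, interval, expiresIn time.Duration) (string, error) {
	ctx, cancel := context.WithTimeout(ctx, expiresIn)
	defer cancel()
	for {
		token, err := create(ctx)
		switch {
		case err == nil:
			return token, nil
		case errors.Is(err, ErrSlowDown):
			interval += SlowDownStep // server asked us to poll less often
		case errors.Is(err, ErrAuthorizationPending): // not approved yet, keep waiting
		default:
			return "", fmt.Errorf("device authorization failed: %w", err)
		}
		select {
		case <-ctx.Done(): // device code expired or the caller cancelled
			return "", ErrExpiredToken
		case <-time.After(interval):
		}
	}
}

func main() { // constructed run: the fake never approves, so polling stops at expiry
	pending := func(context.Context) (string, error) { return "", ErrAuthorizationPending }
	fmt.Println(PollForToken(context.Background(), pending, 10*time.Millisecond, 50*time.Millisecond))
}
```

Treating every error as retryable, as a bare retry loop does, hides a denied or malformed request until the attempt limit runs out; only the pending and slow-down cases should keep the loop going.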