pam/adapter: skip authModeSelection stage for interactive terminal

[adombeck]

When authenticating via an interactive terminal (e.g. sudo), the auth
mode selection list was often briefly visible before the first mode was
auto-selected and the challenge view appeared.

Fix this by skipping the transition to the authModeSelection stage
entirely for InteractiveTerminal clients: fetch auth modes and
immediately auto-select the first one.

For GDM and Native clients the existing behaviour is preserved:

• GDM fetches modes then transitions to authModeSelection, deferring
  the auto-selection until the list is focused.
• Native MFA (auth.Next) transitions to authModeSelection first so that
  when modes arrive the list is already focused and the immediate
  auto-selection safely drives the next challenge.

[3v1n0]

I feel this opens the gate for races, I did have another branch that was avoiding showing it but it was instead waiting and using spinners in between stages.

I need to find out in my stashes :), but it was avoiding the re-introduction of races.

[3v1n0]

The rationale for this was explained in 52abc8f

[adombeck]

The rationale for this was explained in 52abc8f

Yeah I've seen that and still plan to look into that to decide if/how to continue here

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• dl.google.com
  • Triggering command: /usr/lib/apt/methods/https /usr/lib/apt/methods/https -slog -stringintconv -tests (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.02%. Comparing base (936e4ce) to head (2852bc7).

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1524      +/-   ##
==========================================
- Coverage   87.02%   87.02%   -0.01%     
==========================================
  Files          93       93              
  Lines        6443     6449       +6     
  Branches      111      111              
==========================================
+ Hits         5607     5612       +5     
- Misses        780      781       +1     
  Partials       56       56              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[adombeck]

@3v1n0 I think the current change should avoid races but still avoid briefly showing the selection. Please take a look :)

[denisonbarbosa]

LGTM!