MacOS version to hijack aws sso login (bash script, put it into $HOME/bin/aws or somewhere visible)

aws.sh

#!/bin/bash
set -euo pipefail

REAL_AWS="/opt/homebrew/bin/aws"

is_help() {
    local arg
    for arg in "$@"; do
        case "$arg" in
            help|-h|--help) return 0 ;;
        esac
    done
    return 1
}

open_chrome_window() {
    local url="$1"
    osascript - "$url" <<'APPLESCRIPT'
on run argv
    set theURL to item 1 of argv
    tell application "Google Chrome"
        activate
        set w to make new window
        set URL of active tab of w to theURL
        return id of w
    end tell
end run
APPLESCRIPT
}

close_chrome_window() {
    local wid="$1"
    osascript - "$wid" <<'APPLESCRIPT'
on run argv
    set wid to (item 1 of argv) as integer
    tell application "Google Chrome"
        try
            close (first window whose id is wid)
        end try
    end tell
end run
APPLESCRIPT
}

frontmost_app() {
    osascript -e \
        'tell application "System Events" to get name of first process whose frontmost is true' \
        2>/dev/null || true
}

focus_app() {
    local app="$1"
    osascript -e 'tell application "'"$app"'" to activate' 2>/dev/null || true
}

sso_login() {
    local wid=""
    local rc=0
    local term_app

    term_app="$(frontmost_app)"

    while IFS= read -r line; do
        printf '%s\n' "$line"

        if [[ -z "$wid" && "$line" =~ (https://[^[:space:]]+) ]]; then
            wid="$(open_chrome_window "${BASH_REMATCH[1]}")"
        fi
    done < <(script -q /dev/null "$REAL_AWS" sso login --no-browser "$@" 2>&1) || rc=$?

    if [[ $rc -eq 0 && -n "$wid" ]]; then
        close_chrome_window "$wid"
    fi

    if [[ -n "$term_app" ]]; then
        focus_app "$term_app"
    fi

    return "$rc"
}

# Never hijack help
if is_help "$@"; then
    exec "$REAL_AWS" "$@"
fi

# Hijack: aws sso login
if [[ "${1-}" == "sso" && "${2-}" == "login" ]]; then
    sso_login "${@:3}"
    exit
fi

exec "$REAL_AWS" "$@"