OAuth migration#54
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c127fe2a26
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| @SerialName("grant_types") | ||
| val grantTypes: List<String>? = null, |
There was a problem hiding this comment.
Model OAuth client response fields as strings
The OAuth client registration response DTO uses list types for grant_types/response_types, but Readeck’s oauthClientResponse schema (see _notes/openapi-spec-nightly.json) defines these fields as strings; when a compliant server returns strings, kotlinx deserialization will fail in registerOAuthClient, causing OAuthDeviceAuthorizationUseCase.initiateDeviceAuthorization() to error out and block login. Please align the response field types with the wire format.
Useful? React with 👍 / 👎.
| TopAppBar( | ||
| title = { Text(stringResource(R.string.settings_account_title)) }, | ||
| navigationIcon = { | ||
| IconButton(onClick = { navHostController.popBackStack() }) { |
There was a problem hiding this comment.
Cancel polling when leaving the auth screen
The back button currently only pops navigation and does not call cancelAuthorization(), so if the user leaves during device authorization, polling keeps running in the application scope and can still complete login in the background even though the user effectively backed out; this is especially problematic because onCleared() intentionally does not stop polling. The back action should explicitly cancel the in-flight authorization job before navigating away.
Useful? React with 👍 / 👎.
OAuth Device Code Authentication Migration
This PR migrates MyDeck from legacy username/password authentication to OAuth 2.0 Device Code Grant (RFC 8628), aligning with Readeck's authentication model.
Key Features
OAuth Device Code Flow
ABCD-EFGH)First-Time User Experience
Background Polling Resilience
UI/UX Improvements
Technical Details
Authentication Flow:
/infoendpointclient_iddevice_code,user_code, verification URL/oauth/tokenendpoint until authorization completesLocalization:
Testing:
Breaking Changes
Compatibility: Requires Readeck server with OAuth support (Readeck 0.15.0+)
Additional changes
Sync + Bookmark Loading Fixes
resources.thumbnail(or other image resources) omittedwidth/heightfields in the API response. These fields now default safely, preventing the entire bookmark sync from aborting.