Skip to content

feat(oauth): use oauth device flow to authenticate with predefined src-cli OAuth client #1223

Open
burmudar wants to merge 8 commits intomainfrom
wb/add-oauth-device-flow
Open

feat(oauth): use oauth device flow to authenticate with predefined src-cli OAuth client #1223
burmudar wants to merge 8 commits intomainfrom
wb/add-oauth-device-flow

Conversation

@burmudar
Copy link
Contributor

@burmudar burmudar commented Dec 3, 2025
edited
Loading

This adds the flag --oauth to login command which then starts the OAuth device authentication flow. gh does the same flow when you authenticate from the cli with gh auth login.

  • add package internal/oauth
  • discover oauth configuration via path .well-known/openid-configuration
  • add client to handle flow, in particular to discover the endpoints it should use and ultimately poll for the token once the user as authorized the application.

In #1228 we add a keyring to store the oauth credentials.

Important

A Follow up will remove the --oauth flag and make it dynamically decide to start the flow or not based on whether the access token is set.

Test plan

  • Unit tests
go test -v ./internal/oauthdevice/...
=== RUN   TestDiscover_Success
--- PASS: TestDiscover_Success (0.00s)
=== RUN   TestDiscover_Caching
--- PASS: TestDiscover_Caching (0.00s)
=== RUN   TestDiscover_Error
--- PASS: TestDiscover_Error (0.00s)
=== RUN   TestStart_Success
--- PASS: TestStart_Success (0.00s)
=== RUN   TestStart_WithScopes
--- PASS: TestStart_WithScopes (0.00s)
=== RUN   TestStart_Error
--- PASS: TestStart_Error (0.00s)
=== RUN   TestStart_NoDeviceEndpoint
--- PASS: TestStart_NoDeviceEndpoint (0.00s)
=== RUN   TestPoll_Success
--- PASS: TestPoll_Success (0.00s)
=== RUN   TestPoll_AuthorizationPending
--- PASS: TestPoll_AuthorizationPending (0.00s)
=== RUN   TestPoll_SlowDown
--- PASS: TestPoll_SlowDown (0.00s)
=== RUN   TestPoll_ExpiredToken
--- PASS: TestPoll_ExpiredToken (0.00s)
=== RUN   TestPoll_AccessDenied
--- PASS: TestPoll_AccessDenied (0.00s)
=== RUN   TestPoll_Timeout
--- PASS: TestPoll_Timeout (0.00s)
=== RUN   TestPoll_ContextCancellation
--- PASS: TestPoll_ContextCancellation (0.00s)
PASS
ok      github.com/sourcegraph/src-cli/internal/oauthdevice     0.625s
  • Tested manually against my local SG

Amp thread

@burmudar burmudar self-assigned this Dec 3, 2025
@burmudar burmudar requested review from a team and eseliger December 3, 2025 13:37
@burmudar burmudar marked this pull request as ready for review December 3, 2025 13:37
eseliger
eseliger reviewed Dec 3, 2025
View reviewed changes
@burmudar burmudar marked this pull request as draft December 4, 2025 06:51
@burmudar burmudar force-pushed the wb/add-oauth-device-flow branch from 465fe85 to fd1668e Compare December 8, 2025 10:40
@burmudar
Copy link
Contributor Author

burmudar commented Dec 8, 2025
edited
Loading

This change is part of the following stack:

Change managed by git-spice.

This was referenced Dec 8, 2025
Open
Open
@burmudar burmudar changed the title feat(auth): use oauth device flow to authenticate with predefined src-cli OAuth client feat(oauth): use oauth device flow to authenticate with predefined src-cli OAuth client Dec 8, 2025
burmudar
burmudar commented Dec 8, 2025
View reviewed changes
keegancsmith
keegancsmith reviewed Dec 8, 2025
View reviewed changes
keegancsmith
keegancsmith reviewed Dec 8, 2025
View reviewed changes
@burmudar burmudar force-pushed the wb/add-oauth-device-flow branch 2 times, most recently from 1565618 to 9a04958 Compare January 23, 2026 09:10
@burmudar burmudar force-pushed the wb/add-oauth-device-flow branch from 9a04958 to c1c82ec Compare February 26, 2026 12:33
@burmudar burmudar marked this pull request as ready for review February 26, 2026 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eseliger eseliger Awaiting requested review from eseliger

@keegancsmith keegancsmith Awaiting requested review from keegancsmith

At least 1 approving review is required to merge this pull request.

Assignees

@burmudar burmudar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@burmudar @keegancsmith @eseliger