Skip to content

OAuth authentication flow#6

Merged
vilmibm merged 7 commits intomasterfrom
oauth
Oct 18, 2019
Merged

OAuth authentication flow#6
vilmibm merged 7 commits intomasterfrom
oauth

Conversation

@mislav
Copy link
Copy Markdown
Contributor

@mislav mislav commented Oct 8, 2019
edited
Loading

  1. The web browser to https://github.com/login/oauth/authorize?... opens;
  2. The web server starts at localhost:<port> (port is random each time);
  3. The OAuth flow redirects back to localhost with ?code=...;
  4. The local server shuts down;
  5. We exchange code for access_token by POSTing to https://github.com/login/oauth/access_token.

You can verify that the authorization token you've just obtained works:

curl https://<TOKEN>@api.github.com/user

TODO:

  • Detect currently available port number;
  • Generate random unguessable state;
  • Verify state upon request to localhost;
  • Repackage this from "main" to something usable;
  • Figure out where to securely store the token It is in ~/.config/gh for now.

@tierninho tierninho requested review from tierninho and removed request for tierninho October 9, 2019 22:57
@probablycorey
Copy link
Copy Markdown
Contributor

probablycorey commented Oct 11, 2019

Just tried this out @mislav and it works, I love it 💯💯💯

@mislav mislav mentioned this pull request Oct 17, 2019
Merged
@mislav mislav changed the base branch from prototype to master October 18, 2019 17:09
@mislav mislav marked this pull request as ready for review October 18, 2019 17:10
@mislav
Copy link
Copy Markdown
Contributor Author

mislav commented Oct 18, 2019
edited
Loading

This is now wired up with the rest of the app and ready for review!

The config file is ~/.config/gh. If it doesn't already have credentials, the user will be taken to the web OAuth flow.

⚠️ BIG CAVEAT: Due to security restrictions, the "GitHub CLI" oauth app (currently registered as belonging to my account) is not yet pre-authorized to access private github/* repos. This means that after you authenticate, you won't be able to use gh to access data from this repository. You can set GH_REPO=desktop/desktop to pull data from another repo while testing.

mislav
mislav commented Oct 18, 2019
View reviewed changes
context/config_viewer.go

// TODO: figure out how to enable using the "api" package here
//
// Right now "api" is coupled to "context", so we can't import "api" from here.
Copy link
Copy Markdown
Contributor Author

@mislav mislav Oct 18, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've discovered that I can't import "api" from here to gain access to the GraphQL() function because "api" already depends on "context", and that would create a circular dependency which Go compiler strictly forbids.

I'm not happy with this file and that I had to reimplement large parts of GraphQL logic. Going forward, let's figure out how to eliminate this circular dependency please!

@vilmibm vilmibm self-requested a review October 18, 2019 18:56
vilmibm
vilmibm approved these changes Oct 18, 2019
View reviewed changes
Copy link
Copy Markdown
Contributor

@vilmibm vilmibm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it rules ✨

@vilmibm vilmibm merged commit adaaf4d into master Oct 18, 2019
@mislav mislav deleted the oauth branch October 31, 2019 10:00
@minhdient49-tech
Copy link
Copy Markdown

minhdient49-tech commented Oct 3, 2025

  1. The web browser to https://github.com/login/oauth/authorize?... opens;
  2. The web server starts at localhost:<port> (port is random each time);
  3. The OAuth flow redirects back to localhost with ?code=...;
  4. The local server shuts down;
  5. We exchange code for access_token by POSTing to https://github.com/login/oauth/access_token.

You can verify that the authorization token you've just obtained works:

curl https://<TOKEN>@api.github.com/user

TODO:

  • Detect currently available port number;
  • Generate random unguessable state;
  • Verify state upon request to localhost;
  • Repackage this from "main" to something usable;
  • Figure out where to securely store the token It is in ~/.config/gh for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@vilmibm vilmibm vilmibm approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mislav @probablycorey @minhdient49-tech @vilmibm