Module: ShapeupCli::Auth

Defined in:

lib/shapeup_cli/auth.rb

Constant Summary

CLIENT_NAME =

"ShapeUp CLI"

Class Method Summary

• .login(host: Config.host) ⇒ Object

  OAuth 2.1 PKCE login flow: 1.

• .token ⇒ Object

Class Method Details

.login(host: Config.host) ⇒ Object

OAuth 2.1 PKCE login flow:

1. Discover OAuth metadata from /.well-known/oauth-authorization-server

2. Dynamically register client (loopback redirect)

3. Start local callback server

4. Open browser for authorisation

5. Receive code on callback

6. Exchange code for token via PKCE

# File 'lib/shapeup_cli/auth.rb', line 15

def self.login(host: Config.host)
  metadata = discover_metadata(host)
  callback_port = find_available_port
  redirect_uri = "http://127.0.0.1:#{callback_port}/callback"

  client = register_client(metadata["registration_endpoint"], redirect_uri)
  code_verifier = generate_code_verifier
  code_challenge = generate_code_challenge(code_verifier)
  state = SecureRandom.hex(16)

  auth_url = build_auth_url(
    metadata["authorization_endpoint"],
    client_id: client["client_id"],
    redirect_uri: redirect_uri,
    code_challenge: code_challenge,
    state: state
  )

  puts "Opening browser for authentication..."
  puts "If the browser doesn't open, visit:"
  puts "  #{auth_url}"
  puts

  open_browser(auth_url)

  code = wait_for_callback(callback_port, state)

  token_response = exchange_code(
    metadata["token_endpoint"],
    code: code,
    client_id: client["client_id"],
    redirect_uri: redirect_uri,
    code_verifier: code_verifier
  )

  token_response
end

.token ⇒ Object

# File 'lib/shapeup_cli/auth.rb', line 53

def self.token
  Config.token
end