
Add initial OAuth support #637

Merged
mcncl merged 12 commits into main from feat/oauth
Feb 6, 2026

@mcncl mcncl commented Feb 5, 2026

Description

Implements OAuth support via `bk auth login`.

Changes

  • Adds `OAUTH_CLIENT_ID` to pipeline (and in Cluster secrets)
    • It's not strictly private, but this is best practice
  • Updates `.goreleaser` to support injection of OAuth Client ID in built binaries
  • Adds `login` and `logout` subcommands to `auth` root
    • `bk auth login` & `bk auth logout`
  • Stores tokens in keyring (OS)
  • Removes auth alias for configure (that was temporary anyway)
  • Adds some basic OAuth function; authorized page etc in browser

Testing

  • Tests have run locally (with `go test ./...`)
  • Code is formatted (with `go fmt ./...`)

Caveats

Still to come; removing tokens from text-based config.

Disclosures / Credits

I had used Claude to implement the OAuth endpoint in bk/bk due to my lack of Rails experience, so I consulted with it to ensure the implementation approach for the CLI would be in line, functionally, with how the bk/bk OAuth was built.

mcncl added 4 commits February 4, 2026 11:27
A couple of comments weren't detailed enough, they passed the linting
checks but future visitors could do with more context
Linting failed due to an unformatted file.
Testing to see if the secrets need to be passed to the container running
goreleaser
@mcncl mcncl requested a review from a team as a code owner February 5, 2026 07:31
Localhost bad
@mcncl mcncl requested a review from scadu February 5, 2026 11:21
JoeColeman95 previously approved these changes Feb 5, 2026

Looks great 🔒

mcncl and others added 2 commits February 6, 2026 09:56
Co-authored-by: Joe Coleman <107399878+JoeColeman95@users.noreply.github.com>
Co-authored-by: Joe Coleman <107399878+JoeColeman95@users.noreply.github.com>
JoeColeman95 previously approved these changes Feb 5, 2026

@JoeColeman95 JoeColeman95 left a comment

Approving as last outstanding is not breaking and can be iterated on if needed

Implements use of `sync.Once` so that we don't need to use expensive I/O
operations.

Additionally removes the need for `CI=true` as `keyring` has a
`MockForTesting` interface available.

Appended a random suffix to test keys to avoid clashes.
@mcncl mcncl requested a review from JoeColeman95 February 6, 2026 04:30
@mcncl mcncl merged commit a5d1b78 into main Feb 6, 2026
1 check passed
@mcncl mcncl deleted the feat/oauth branch February 6, 2026 07:52
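
The test-hygiene pattern named in the final commit message (a check cached with `sync.Once`, an in-memory keyring mock in place of `CI=true`, random suffixes on test keys), as an added Go example that is not code from this PR. The `Keyring` interface, `memKeyring`, `TokenStore` and `RandomKey` are hypothetical names, and treating the cached I/O as a keyring availability probe is an assumption.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"sync"
)

// Keyring is the subset of a hypothetical OS keyring client that the probe needs.
type Keyring interface {
	Set(key, secret string) error
	Delete(key string) error
}

// memKeyring is an in-memory mock; sets counts backend writes for assertions.
type memKeyring struct {
	data map[string]string
	sets int
}

func (m *memKeyring) Set(k, s string) error { m.sets++; m.data[k] = s; return nil }
func (m *memKeyring) Delete(k string) error { delete(m.data, k); return nil }

// TokenStore remembers whether its backend works, so the probe runs only once.
type TokenStore struct {
	kr   Keyring
	once sync.Once
	ok   bool
}

// Available writes and deletes one throwaway entry on first use, then caches the answer.
func (t *TokenStore) Available() bool {
	t.once.Do(func() {
		k := RandomKey("probe")
		t.ok = t.kr.Set(k, "x") == nil && t.kr.Delete(k) == nil
	})
	return t.ok
}

// RandomKey appends 8 random hex characters so concurrent tests are unlikely to share a key.
func RandomKey(prefix string) string {
	b := make([]byte, 4)
	rand.Read(b) // crypto/rand; the error return is ignored in this example
	return fmt.Sprintf("%s-%x", prefix, b)
}

func main() {
	ts := &TokenStore{kr: &memKeyring{data: map[string]string{}}}
	fmt.Println(ts.Available(), ts.Available(), RandomKey("token"))
}
```

Because the probe deletes its own entry and every test key carries a random suffix, repeated or parallel test runs leave nothing behind in a shared keyring.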