feat: add GitHub OAuth device flow auth, API wrapper, and secure storage#261
feat: add GitHub OAuth device flow auth, API wrapper, and secure storage#261gambtho wants to merge 2 commits intoAzure:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds GitHub OAuth device flow authentication, secure token storage, and a comprehensive GitHub API wrapper to support the AKS Desktop plugin's GitHub integration features. The PR also refactors Azure CLI command execution to use a shared runCommandAsync utility.
Changes:
- Implements GitHub OAuth device flow authentication using Headlamp's
/externalproxyto bypass CORS restrictions - Adds Electron
safeStoragewrapper with localStorage fallback for encrypted token persistence - Provides Octokit-based GitHub API wrapper for repository operations, workflow management, and Copilot integration
- Refactors Azure CLI utilities to use shared
runCommandAsyncfunction fromutils/shared/run-command.ts - Adds comprehensive test coverage (26 tests for auth, 36 for API, 9 for run-command)
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
plugins/aks-desktop/src/utils/shared/run-command.ts |
New shared command execution utility that always resolves (never rejects) with stdout/stderr |
plugins/aks-desktop/src/utils/shared/run-command.test.ts |
Comprehensive tests for command execution including error handling edge cases |
plugins/aks-desktop/src/utils/github/secure-storage.ts |
Electron safeStorage wrapper with validation of all three IPC methods |
plugins/aks-desktop/src/utils/github/github-auth.ts |
GitHub OAuth device flow implementation with token refresh and secure storage |
plugins/aks-desktop/src/utils/github/github-auth.test.ts |
Tests for OAuth flows, token expiry, and storage migration |
plugins/aks-desktop/src/utils/github/github-api.ts |
Octokit wrapper for GitHub API operations including repo checks, workflow dispatch, and Copilot integration |
plugins/aks-desktop/src/utils/github/github-api.test.ts |
Comprehensive API wrapper tests with mocked Octokit responses |
plugins/aks-desktop/src/utils/azure/az-cli.ts |
Refactored to use shared runCommandAsync and expose runAzCommand wrapper |
plugins/aks-desktop/src/utils/azure/checkAzureCli.ts |
Updated to use runAzCommand instead of runCommandAsync |
plugins/aks-desktop/src/utils/azure/aks.ts |
Updated to import runAzCommand instead of runCommandAsync |
plugins/aks-desktop/src/types/github.ts |
New GitHub type definitions for repos, readiness checks, and workflow statuses |
plugins/aks-desktop/src/components/AzureAuth/AzureProfilePage.tsx |
Updated logout handler to use runAzCommand with stderr error checking |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
sniok
left a comment
sniok
left a comment
There was a problem hiding this comment.
I've left a couple of comments
gambtho
force-pushed
the
ca/pr2-github-auth
branch
2 times, most recently
from
f4e7cdd to
e97f6f5
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
gambtho
force-pushed
the
ca/pr2-github-auth
branch
from
e97f6f5 to
4fe430f
Compare
gambtho
force-pushed
the
ca/pr2-github-auth
branch
from
4fe430f to
50dd8af
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Add GitHub OAuth device flow authentication using Headlamp's /externalproxy to bypass CORS on GitHub's token endpoints. Includes device code initiation, token exchange polling, and refresh token support. Add Electron safeStorage wrapper for encrypted token persistence with localStorage fallback for dev mode.
gambtho
force-pushed
the
ca/pr2-github-auth
branch
from
50dd8af to
f8b9963
Compare
Add Octokit-based GitHub API wrapper for repository listing, workflow dispatch, and file operations. Define GitHub repo and workflow types. Scope app install URL to selected repositories by ID.
gambtho
force-pushed
the
ca/pr2-github-auth
branch
from
f8b9963 to
ccd358f
Compare
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
2 participants
Summary
/externalproxyto bypass CORS on GitHub's token endpointssafeStoragewrapper for encrypted token persistence (no insecure fallback)Key design decisions
/externalproxyendpoint instead of shelling out tocurl, avoiding command allowlist changes, cross-platform issues, and process-list token exposuregetDesktopApi()validates all three IPC methods before returning the API to prevent partial-implementation runtime errorsTest plan
github-authunit tests pass (26 tests)github-apiunit tests pass (36 tests)proxy-urlsinapp-build-manifest.json(PR aksd: Add secure storage API and GitHub OAuth proxy config #260)