feat(setup): Use new browser signup/signin and org/project selection flow

src/auth.rs

@@ -1230,110 +1230,6 @@ async fn run_login_oauth(base: &BaseArgs, args: AuthLoginArgs) -> Result<()> {
     Ok(())
 }
 
-pub(crate) async fn login_interactive_oauth(base: &mut BaseArgs) -> Result<String> {
-    let api_url = base
-        .api_url
-        .clone()
-        .unwrap_or_else(|| DEFAULT_API_URL.to_string());
-    let app_url = base
-        .app_url
-        .clone()
-        .unwrap_or_else(|| DEFAULT_APP_URL.to_string());
-    let provisional_profile = base
-        .profile
-        .as_deref()
-        .map(str::trim)
-        .filter(|name| !name.is_empty())
-        .unwrap_or("default");
-    let client_id = default_oauth_client_id(provisional_profile);
-
-    let (pkce_challenge, pkce_verifier) = PkceCodeChallenge::new_random_sha256();
-    let state = generate_random_token(32)?;
-
-    let listener = TcpListener::bind(("127.0.0.1", 0))
-        .await
-        .context("failed to bind oauth callback listener")?;
-    let callback_port = listener
-        .local_addr()
-        .context("failed to read callback listener address")?
-        .port();
-    let redirect_uri = format!("http://127.0.0.1:{callback_port}/callback");
-    let oauth_client = build_oauth_client(&api_url, &client_id, Some(&redirect_uri))?;
-    let (authorize_url, _) = oauth_client
-        .authorize_url(|| CsrfToken::new(state.clone()))
-        .add_scope(Scope::new(OAUTH_SCOPE.to_string()))
-        .set_pkce_challenge(pkce_challenge)
-        .url();
-    let authorize_url = authorize_url.to_string();
-
-    let _ = open::that(&authorize_url);
-    eprintln!("Complete authorization in your browser.");
-    eprintln!();
-    eprintln!("{}", dialoguer::console::style(&authorize_url).dim());
-    eprintln!();
-
-    let callback =
-        collect_oauth_callback(listener, is_ssh_session(), explicitly_quiet(base)).await?;
-    if let Some(error) = callback.error {
-        bail!("oauth authorization failed: {error}");
-    }
-    let auth_code = callback
-        .code
-        .ok_or_else(|| anyhow::anyhow!("no authorization code received"))?;
-    if callback.state.is_none() {
-        bail!("oauth callback missing state; paste the full callback URL (or code=...&state=...)");
-    }
-    if callback.state.as_deref() != Some(state.as_str()) {
-        bail!("oauth state mismatch; please try again");
-    }
-
-    let oauth_tokens = exchange_oauth_authorization_code(
-        &api_url,
-        &client_id,
-        &redirect_uri,
-        &auth_code,
-        pkce_verifier,
-    )
-    .await?;
-
-    let login_orgs = fetch_login_orgs(&oauth_tokens.access_token, &app_url).await?;
-    let selected_org = select_login_org(
-        login_orgs.clone(),
-        base.org_name.as_deref(),
-        ui::can_prompt(),
-        false,
-        false,
-        explicitly_quiet(base),
-    )?;
-    let selected_api_url =
-        resolve_profile_api_url(base.api_url.clone(), selected_org.as_ref(), &login_orgs)?;
-    let store = load_auth_store()?;
-    let jwt_id = decode_jwt_identity(&oauth_tokens.access_token);
-    let (profile_name, should_confirm_overwrite) = resolve_oauth_login_profile_name(
-        base.profile.as_deref(),
-        selected_org.as_ref().map(|org| org.name.as_str()),
-        &selected_api_url,
-        &app_url,
-        &jwt_id,
-        &store,
-    )?;
-    if should_confirm_overwrite {
-        confirm_profile_overwrite(&profile_name)?;
-    }
-
-    commit_oauth_profile(
-        &profile_name,
-        &oauth_tokens,
-        selected_api_url,
-        app_url,
-        client_id,
-        selected_org.as_ref().map(|org| org.name.clone()),
-    )?;
-
-    base.profile = Some(profile_name.clone());
-    Ok(profile_name)
-}
-
 pub(crate) fn commit_api_key_profile(
     profile_name: &str,
     api_key: &str,