Skip to content

Commit b7f6eec

Browse files
gnapseUbuntu
gnapse
and
Ubuntu
authored
feat: implement OAuth PKCE browser login (#20)
* feat: implement OAuth PKCE browser login Implements #7 - OAuth PKCE flow for browser-based authentication. New files: - src/lib/pkce.ts - PKCE utilities (code verifier, challenge, state) - src/lib/oauth-server.ts - Local HTTP callback server - src/lib/oauth.ts - OAuth URL builder and token exchange Changes: - ol auth login now opens browser for OAuth authorization - ol auth login --token preserved for manual API token auth - Client ID configurable via OUTLINE_OAUTH_CLIENT_ID env or prompt - Client ID persisted in config for future logins Flow: 1. Generate PKCE code_verifier + code_challenge + state 2. Start local callback server on localhost 3. Open browser to authorize endpoint 4. Receive callback with auth code 5. Exchange code for access token 6. Save token to config Note: Requires user to register a public OAuth app in Outline settings. Blocked by outline/outline#11254 (HTTPS redirect URI requirement). * chore: sync package-lock.json with open dependency * docs: update README with OAuth login instructions * fix: address Copilot review feedback - Handle OAuth error responses (e.g., access_denied) with descriptive messages - Prevent race condition in server error handler by setting resolved flag --------- Co-authored-by: Ubuntu <ubuntu@ip-172-31-80-221.ec2.internal>
1 parent a3bc75a commit b7f6eec

File tree

10 files changed

+2077
-43
lines changed

10 files changed

+2077
-43
lines changed

README.md

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,12 +14,34 @@ npm link
1414

1515
## Auth
1616

17+
### OAuth login (recommended)
18+
1719
```sh
18-
ol auth login # prompts for API token and base URL
20+
ol auth login # opens browser for OAuth authorization
1921
ol auth status # show current auth state
2022
ol auth logout # clear saved credentials
2123
```
2224

25+
**Setup:**
26+
27+
1. Create a public OAuth app in Outline (Settings → Applications)
28+
2. Set the redirect URI to `http://localhost` (any port is fine)
29+
3. Run `ol auth login` and enter your OAuth client ID when prompted
30+
31+
The client ID is saved for future logins. You can also set `OUTLINE_OAUTH_CLIENT_ID` env var.
32+
33+
### Manual token login
34+
35+
If you prefer using an API token directly:
36+
37+
```sh
38+
ol auth login --token <your-api-token>
39+
```
40+
41+
Generate a token in Outline under Settings → API Tokens.
42+
43+
### Configuration
44+
2345
Token resolution: `OUTLINE_API_TOKEN` env var → `~/.config/outline-cli/config.json`.
2446

2547
Base URL resolution: `OUTLINE_URL` env var → config file → `https://app.getoutline.com`.

package-lock.json

Lines changed: 149 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
"commander": "14.0.2",
2727
"marked": "15.0.12",
2828
"marked-terminal": "7.3.0",
29+
"open": "10.2.0",
2930
"yocto-spinner": "1.0.0"
3031
},
3132
"devDependencies": {

0 commit comments

Comments
 (0)