Skip to content

chore: Make auth_portal_url configurable via env variable #3284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
akhileshb merged 1 commit into from
Oct 27, 2025
Merged

chore: Make auth_portal_url configurable via env variable #3284

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 11 additions & 5 deletions crates/chat-cli/src/auth/portal.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
//! Unified auth portal integration for streamlined authentication
//! Handles callbacks from https://app.kiro.dev/signin

use std::env;
use std::time::Duration;

use bytes::Bytes;
Expand Down Expand Up @@ -35,7 +36,7 @@ use crate::auth::social::{
use crate::database::Database;
use crate::util::system_info::is_mwinit_available;

const AUTH_PORTAL_URL: &str = "https://app.kiro.dev/signin";
const DEFAULT_AUTH_PORTAL_URL: &str = "https://app.kiro.dev";
const DEFAULT_AUTHORIZATION_TIMEOUT: Duration = Duration::from_secs(600);

#[derive(Debug, Clone)]
Expand Down Expand Up @@ -140,10 +141,11 @@ fn format_user_friendly_error(error_code: &str, description: Option<&str>, provi
fn build_auth_url(redirect_base: &str, state: &str, challenge: &str) -> String {
let is_internal = is_mwinit_available();
let internal_param = if is_internal { "&from_amazon_internal=true" } else { "" };
let auth_portal_url = get_auth_portal_url();

format!(
"{}?state={}&code_challenge={}&code_challenge_method=S256&redirect_uri={}{}&redirect_from=kirocli",
AUTH_PORTAL_URL,
"{}/signin?state={}&code_challenge={}&code_challenge_method=S256&redirect_uri={}{}&redirect_from=kirocli",
auth_portal_url,
state,
challenge,
urlencoding::encode(redirect_base),
Expand Down Expand Up @@ -354,8 +356,8 @@ async fn handle_invalid_callback(path: &str) -> Result<Response<Full<Bytes>>, Au

/// Build a redirect response to the auth portal
fn build_redirect_response(status: &str, error_message: Option<&str>) -> Result<Response<Full<Bytes>>, AuthError> {
let mut redirect_url = format!("{AUTH_PORTAL_URL}?auth_status={status}&redirect_from=kirocli");

let auth_portal_url = get_auth_portal_url();
let mut redirect_url = format!("{auth_portal_url}/signin?auth_status={status}&redirect_from=kirocli");
if let Some(msg) = error_message {
redirect_url.push_str(&format!("&error_message={}", urlencoding::encode(msg)));
}
Expand All @@ -382,3 +384,7 @@ async fn bind_allowed_port(ports: &[u16]) -> Result<TcpListener, AuthError> {
"All callback ports are in use. Please close some applications and try again.".into(),
))
}

fn get_auth_portal_url() -> String {
env::var("KIRO_AUTH_PORTAL_URL").unwrap_or_else(|_| DEFAULT_AUTH_PORTAL_URL.to_string())
}
Loading