Skip to content

Prototype of login via prototyper in Studio #8938

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Aug 27, 2025
Merged

Prototype of login via prototyper in Studio #8938

merged 11 commits into from
Aug 27, 2025

Conversation

joehan
Copy link
Contributor

@joehan joehan commented Aug 4, 2025
edited
Loading

Description

Early prototype of a noninteractive login flow for use in Studio prototyper.

Using it

Roughly, we'll do something like:

import fbt from "firebase-tools"
const res = await fbt.login({prototyperLogin: true});

// Show the user the sessionId and send them to the URI to do the login flow
console.log(res.sessionId);
console.log(res.uri);
// After the flow, user copy + pastes an authorization code
// We pass that to res.authorize to exchange it for a OAuth token and save their creds to configstore
await res.authorize(authCode);
}

gemini-code-assist[bot]
gemini-code-assist bot reviewed Aug 4, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Summary of Changes

Hello @joehan, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new, non-interactive login flow specifically designed for the Studio prototyper environment. It extends the existing authentication module with a programmatic way to initiate and complete user login, bypassing traditional interactive prompts and reauthentication checks when enabled.

Highlights

  • New Non-Interactive Login Flow: I've introduced a new loginPrototyper function in src/auth.ts. This function facilitates a non-interactive login flow, returning a URI for the user to initiate authentication and an authorize method to complete the process with an authorization code. This is designed for environments like the Studio prototyper where direct user interaction with the CLI for login is not feasible.
  • Integration with login Command: The login command in src/commands/login.ts has been updated to accept a new prototyperLogin option. When this option is provided, the command delegates to the new loginPrototyper function, enabling the non-interactive flow. This allows programmatic login via the firebase-tools module.
  • Bypassing Interactive Checks: To support the non-interactive nature of the prototyper login, I've modified the login command's logic to bypass the standard nonInteractive error and the reauth check when the prototyperLogin option is active. This ensures the flow can proceed without requiring user prompts or checking for existing credentials.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in issue comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Aug 4, 2025
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a prototype for a non-interactive login flow for Studio. The changes are well-contained, adding a new loginPrototyper function and integrating it into the existing login command. My review focuses on improving error handling and robustness, and I've identified a critical issue with command-line option processing that could affect the default login behavior. Overall, this is a good starting point for the new feature.

src/auth.ts Outdated
Comment on lines 468 to 472
} catch (e) {
throw new FirebaseError(
"Unable to authenticate using the provided code. Please try again.",
);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

The catch block currently swallows the original error, which can make debugging difficult if an unexpected issue occurs during authorization. It would be helpful to log the original error for better diagnostics.

      } catch (e: unknown) {
        logger.debug("Prototyper login authorization failed:", e);
        throw new FirebaseError(
          "Unable to authenticate using the provided code. Please try again.",
        );
      }

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with the above

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch - this can just throw the original error tbh, no need to clean it up for the module consumer.

@joehan joehan marked this pull request as ready for review August 20, 2025 21:06
@joehan joehan requested a review from maneesht August 20, 2025 21:07
maneesht
maneesht requested changes Aug 20, 2025
View reviewed changes
src/auth.ts

export async function loginPrototyper(): Promise<PrototyperRes> {
const authProxyClient = new apiv2.Client({
urlPrefix: authProxyOrigin(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like we call this multiple times, is this something we can just cache once and re-use?

src/auth.ts Outdated
);

const creds = {
user: jwt.decode(tokens.id_token!, { json: true }) as any as User,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should be able to use the generic type:

Suggested change
user: jwt.decode(tokens.id_token!, { json: true }) as any as User,
user: jwt.decode<User>(tokens.id_token!, { json: true }),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

JWT doesn't have a generic typed version of decode

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Man, that's what I get for not researching an LLM response :(
Can we re-type as as unknown as User? unknown is usually preferred over any

src/auth.ts Outdated
Comment on lines 468 to 472
} catch (e) {
throw new FirebaseError(
"Unable to authenticate using the provided code. Please try again.",
);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with the above

@github-project-automation github-project-automation bot moved this to Changes Requested [PR] in [Cloud] Extensions + Functions Aug 20, 2025
@joehan joehan requested a review from maneesht August 20, 2025 22:20
@github-project-automation github-project-automation bot moved this from Changes Requested [PR] to Approved [PR] in [Cloud] Extensions + Functions Aug 20, 2025
@joehan joehan enabled auto-merge (squash) August 20, 2025 23:31
@joehan joehan disabled auto-merge August 20, 2025 23:47
@joehan joehan merged commit b941a6e into master Aug 27, 2025
26 checks passed
@joehan joehan deleted the jh-prototyper-auth branch August 27, 2025 17:43
@github-project-automation github-project-automation bot moved this from Approved [PR] to Done in [Cloud] Extensions + Functions Aug 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maneesht maneesht maneesht approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@joehan @maneesht