fix(oauth): Address code review feedback

- Extract magic numbers into named constants (DEVICE_CODE_BYTES, USER_CODE_GROUP_LENGTH)
- Add user_code to ApiDeviceCode.__str__ for better debugging
- Add "You can now close this tab" UX message to completion page
- Use constants in _normalize_user_code instead of hardcoded values

Author: dcramer

src/sentry/models/apidevicecode.py

@@ -25,6 +25,10 @@
 # Reference: RFC 8628 §5.1
 USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"
 USER_CODE_LENGTH = 8
+USER_CODE_GROUP_LENGTH = USER_CODE_LENGTH // 2  # Characters per group in "XXXX-XXXX" format
+
+# Device code entropy: 32 bytes = 256 bits
+DEVICE_CODE_BYTES = 32
 
 
 def default_expiration():
@@ -33,7 +37,7 @@ def default_expiration():
 
 def generate_device_code():
     """Generate a cryptographically secure device code (256-bit entropy)."""
-    return secrets.token_hex(nbytes=32)
+    return secrets.token_hex(nbytes=DEVICE_CODE_BYTES)
 
 
 def generate_user_code():
@@ -45,7 +49,7 @@ def generate_user_code():
     Reference: RFC 8628 §5.1
     """
     chars = [secrets.choice(USER_CODE_ALPHABET) for _ in range(USER_CODE_LENGTH)]
-    return f"{''.join(chars[:4])}-{''.join(chars[4:])}"
+    return f"{''.join(chars[:USER_CODE_GROUP_LENGTH])}-{''.join(chars[USER_CODE_GROUP_LENGTH:])}"
 
 
 # Maximum retries for generating unique codes
@@ -127,7 +131,7 @@ class Meta:
         db_table = "sentry_apidevicecode"
 
     def __str__(self) -> str:
-        return f"device_code={self.id}, application={self.application.id}, status={self.status}"
+        return f"id={self.id}, user_code={self.user_code}, application={self.application_id}, status={self.status}"
 
     def get_scopes(self) -> list[str]:
         """Return the list of requested scopes."""

src/sentry/templates/sentry/oauth-device-complete.html

@@ -8,10 +8,12 @@
       <div class="alert alert-success">
         <h4>Success!</h4>
         <p>{{ message }}</p>
+        <p style="margin-top: 1em;">You can now close this tab and return to your device.</p>
       </div>
     {% else %}
       <div class="alert alert-info">
         <p>{{ message }}</p>
+        <p style="margin-top: 1em;">You can now close this tab.</p>
       </div>
     {% endif %}
 

src/sentry/web/frontend/oauth_device.py

@@ -10,7 +10,12 @@
 
 from sentry.models.apiapplication import ApiApplicationStatus
 from sentry.models.apiauthorization import ApiAuthorization
-from sentry.models.apidevicecode import ApiDeviceCode, DeviceCodeStatus
+from sentry.models.apidevicecode import (
+    USER_CODE_GROUP_LENGTH,
+    USER_CODE_LENGTH,
+    ApiDeviceCode,
+    DeviceCodeStatus,
+)
 from sentry.ratelimits import backend as ratelimiter
 from sentry.users.services.user.service import user_service
 from sentry.utils import metrics
@@ -46,8 +51,8 @@ def _normalize_user_code(user_code: str) -> str:
     Handles case variations, missing dashes, and extra whitespace.
     """
     normalized = user_code.replace("-", "").upper().strip()
-    if len(normalized) == 8:
-        return f"{normalized[:4]}-{normalized[4:]}"
+    if len(normalized) == USER_CODE_LENGTH:
+        return f"{normalized[:USER_CODE_GROUP_LENGTH]}-{normalized[USER_CODE_GROUP_LENGTH:]}"
     return user_code.upper().strip()