Say hello to Resend OAuth!
Resend has always a great way to use Pop, and now we’re adding support for their hot, new OAuth API. In other words: no API key needed!
To get going just pop auth.
Enjoy!
Charm
Changelog
- 79b8474: Add proper attachment style definition (@meowgorithm)
- 5a7235a: CLI, OAuth TUI: Minor wording adjustments (@meowgorithm)
- 934f01d: CLI: apply OAuth token on startup, if present (@meowgorithm)
- fe0de4b: CLI: improve message when no env vars are set (@meowgorithm)
- f73d089: CLI: show usage if not in a TTY (with no args) (@meowgorithm)
- 925c2d4: Examples: drop empty README (@meowgorithm)
- ee8f225: Lint: fix all golangci-lint issues (@meowgorithm)
- a2e07d1: OAuth TUI: show URL when browser can't open and add --no-browser flag (@meowgorithm)
- c3b041e: OAuth TUI: wrap text to terminal width and restyle header (@meowgorithm)
- 4d740fe: OAuth: Use pkg/browser for cross-platform browser opening (@meowgorithm)
- cb29efd: OAuth: add TUI for Resend OAuth authentication (@meowgorithm)
- c8bc2a7: OAuth: add basic OAuth support for Resend delivery (@meowgorithm)
- 8c4af40: OAuth: consolidate interactive and non-interactive oauth code (@meowgorithm)
- 683388c: OAuth: print API errors with error header and wrapped body (@meowgorithm)
- fa6a1c2: OAuth: pull localhost into a const (@meowgorithm)
- 0279634: OAuth: store tokens in XDG_DATA_HOME on Linux (@meowgorithm)
- cdda0a5: README: auto-format (@meowgorithm)
- 26352ca: README: update with oauth instructions (@meowgorithm)
- 24b2fe2: Taskfile: add auth and auth:nobrowser tasks (@meowgorithm)
- bef6b40: Taskfile: make default task run the project, add build task (@meowgorithm)
- 91b8c68: Wrap some comments (@meowgorithm)
Verifying the artifacts
First, download the checksums.txt file and the checksums.txt.sigstore.json file files, for example, with wget:
wget 'https://github.com/charmbracelet/pop/releases/download/v0.3.0/checksums.txt'
wget 'https://github.com/charmbracelet/pop/releases/download/v0.3.0/checksums.txt.sigstore.json'Then, verify it using cosign:
cosign verify-blob \
--certificate-identity 'https://github.com/charmbracelet/meta/.github/workflows/goreleaser.yml@refs/heads/main' \
--certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
--bundle 'checksums.txt.sigstore.json' \
./checksums.txtIf the output is Verified OK, you can safely use it to verify the checksums of other artifacts you downloaded from the release using sha256sum:
sha256sum --ignore-missing -c checksums.txtDone! You artifacts are now verified!
Thoughts? Questions? We love hearing from you. Feel free to reach out on X, Discord, Slack, The Fediverse, Bluesky.

