Use cleaner base URL in login output#728
Merged
Soph merged 1 commit intofeat/device-auth-loginfrom Mar 19, 2026
Merged
Conversation
The device code is already printed on its own line, so embedding it in the URL as a query parameter is redundant. Use the cleaner base URL. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: a47ac4352190
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the entire login UX to prefer a cleaner “base” verification URL (without embedding the device code) when presenting the approval link, reducing redundant noise in user-facing output.
Changes:
- Prefer
verification_urioververification_uri_completewhen selecting the approval URL. - Keep a fallback to the other field when the preferred URL is missing.
Collaborator
Is it? I mean it would be just one copy&paste but I also feel this makes it more secure that you can't easily drop someone the url and log him in instead of you. So I think it's good that the code can't be part of the URL at all |
Soph
approved these changes
Mar 19, 2026
matthiaswenz
added a commit
that referenced
this pull request
Mar 20, 2026
- Show clean verification_uri to the user, but open verification_uri_complete (with code pre-filled) in the browser - Make waitForEnter context-aware so Ctrl+C exits cleanly instead of leaving the process stuck on a blocking tty read Fixes regression from #728 where the browser-opened URL lost the auth code parameter. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 1518a16ea037
5 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
verification_uri(base URL) oververification_uri_complete(URL with code query param) inentire loginoutputBefore
After
Test plan
mise run fmt && mise run lintpassesmise run test:cipasses (unit + integration + canary)entire loginand verify the URL no longer includes the code query param🤖 Generated with Claude Code
Note
Low Risk
Low risk: only changes which verification URL is printed/opened during device login, with a simple fallback if the preferred field is empty.
Overview
Updates
entire loginto preferverification_uri(base URL) oververification_uri_completewhen displaying/opening the approval link, falling back to the complete URL only when the base URL is missing. This reduces redundant noise since the device code is already printed separately.Written by Cursor Bugbot for commit 0e016d6. Configure here.