[profile-switcher][rust] -- [2/2] Add app-server account session lifecycle#25383
Open
dhruvgupta-oai wants to merge 11 commits into
Open
[profile-switcher][rust] -- [2/2] Add app-server account session lifecycle#25383dhruvgupta-oai wants to merge 11 commits into
dhruvgupta-oai wants to merge 11 commits into
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 726ad5b878
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
1a33b2c to
66f3242
Compare
This was referenced Jun 1, 2026
dhruvgupta-oai
changed the title
dhruvgupta-oai
changed the base branch from
main
to
dev/dhruvgupta/desktop-account-sessions-rust-storage
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-storage
branch
from
e708601 to
c4c1505
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
3 times, most recently
from
714f4eb to
c7f4b4b
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-storage
branch
from
0009a7e to
ffc9d4b
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
c7f4b4b to
9da2781
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-storage
branch
from
ffc9d4b to
6e0d3d5
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
9da2781 to
9dd4b40
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-storage
branch
from
6e0d3d5 to
cffab69
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
9dd4b40 to
5d83164
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-storage
branch
from
cffab69 to
fd36ea0
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
3 times, most recently
from
e39598b to
62ac0cb
Compare
dhruvgupta-oai
changed the title
dhruvgupta-oai
changed the base branch from
dev/dhruvgupta/desktop-account-sessions-rust-storage
to
dev/dhruvgupta/desktop-account-sessions-rust-protocol
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust-protocol
branch
from
8cf9a3d to
3ad4592
Compare
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
62ac0cb to
9dadbb3
Compare
cooper-oai
reviewed
Jun 3, 2026
cooper-oai
reviewed
Jun 3, 2026
| .map_err(|e| io::Error::other(format!("persist task failed: {e}")))??; | ||
|
|
||
| if should_revoke_auth_tokens(previous_auth.as_ref(), &auth) | ||
| if revoke_previous_auth |
Contributor
There was a problem hiding this comment.
it should be up to the server (authapi) to do the revocation for switching, not the client
Contributor
Author
There was a problem hiding this comment.
i think this is existing code that i put a bool around
Contributor
Author
There was a problem hiding this comment.
yeah so i want to keep this minimal and not change existing code as much as i can. current app revokes the token when you login as someone new so keeping that convention for now.
cooper-oai
reviewed
Jun 3, 2026
Contributor
cooper-oai
left a comment
cooper-oai
left a comment
There was a problem hiding this comment.
do we want to do this experimentally first?
Contributor
Author
Yes but keeping the og json so that this is backwards compatible
all this code is just additive APIs. Theres no actual change to the login functionality other than the bool for revoking the previous auth. The experiment / gate is gonna come from the desktop app. EDIT: I also added some more APIS for a new logout and new login path that we can call from desktop so we can fully gate this from the front-end side. |
dhruvgupta-oai
added a commit
that referenced
this pull request
Jun 3, 2026
…ocol (#25469) ## Summary Adds the app-server v2 `accountSession/*` protocol used by the Desktop profile switcher and the backend account metadata client needed to populate workspace choices. This is the protocol layer only. The app-server lifecycle and consolidated saved-session storage are split into a follow-up PR. ## Rust Stack 1. This PR 2. [#25383](#25383) adds app-server session lifecycle behavior and consolidated saved-session storage. ## Validation - Generated app-server schema fixtures are included from the existing generation flow in the lifecycle PR where the routes are registered. - Did not run tests per requested scope.
Base automatically changed from
dev/dhruvgupta/desktop-account-sessions-rust-protocol
to
main
June 3, 2026 19:55
dhruvgupta-oai
force-pushed
the
dev/dhruvgupta/desktop-account-sessions-rust
branch
from
2849fba to
f784c75
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds the shipped Rust app-server lifecycle for Desktop multi-account profile switching on top of the protocol PR.
Exposes additive
accountSession/login/start,accountSession/add,accountSession/list,accountSession/switch, andaccountSession/logoutroutes; stores all saved session credentials and metadata in oneaccount-sessions.json; keeps the activeauth.jsonsnapshot current; refreshes workspace metadata; and exchanges the bearer token when switching workspaces so backend routing uses the newly selected workspace.The existing
account/login/startandaccount/logoutroutes remain unchanged. The saved-session login route snapshots the active session before starting another browser login and does not revoke the previous session credentials. The saved-session logout route removes and revokes only the selected session.Addresses the review findings by returning an empty saved-session list for non-ChatGPT auth bootstrap, restoring the prior auth payload for add-without-switch, preserving managed sessions during additional login, deriving canonical metadata from parsed ID-token data, revoking sessions only during saved-session logout, and removing unused account-session plan and workspace-status metadata.
Rust Stack
Desktop Consumer Stack
Validation
just write-app-server-schema.