feat: add device authorization flow (RFC 8628) for CLI auth#61
Merged
NormallyGaussian merged 3 commits intomainfrom Mar 11, 2026
Merged
feat: add device authorization flow (RFC 8628) for CLI auth#61NormallyGaussian merged 3 commits intomainfrom
NormallyGaussian merged 3 commits intomainfrom
Conversation
Enables authentication in environments that cannot open a browser (SSH, containers, CI, Claude Desktop/Web) via the device code flow. - `parallel-cli login --device` for human-readable output - `parallel-cli login --device --json` emits NDJSON for AI agents - Auto-detects headless environments and uses device flow automatically - Public Python API: request_device_code() / poll_device_token()
On CI (CI=true), _is_headless() returns True so get_api_key calls _do_device_flow instead of _do_oauth_flow. Without mocking both, the test hits the real endpoint and blocks forever.
On Linux CI (no DISPLAY env var), _is_headless() returns True via the display check even after clearing SSH/CI/container vars. Tests that assert non-headless behavior need DISPLAY set explicitly.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
parallel-cli login --deviceshows verification URL + user code, polls until approvedparallel-cli login --device --jsonemits NDJSON: first line hasverification_uri_complete+user_codefor agents to present, second line confirmsauthenticatedrequest_device_code()/poll_device_token()as public Python API for SDK users who need full controlAgent usage
Output is two newline-delimited JSON objects. The first is emitted immediately with the device code info:
{"status": "waiting_for_authorization", "verification_uri": "https://platform.parallel.ai/getKeys/device", "verification_uri_complete": "https://platform.parallel.ai/getKeys/device?user_code=BCDF-GHJK", "user_code": "BCDF-GHJK", "expires_in": 600}The agent should:
verification_uri_completeas a clickable link to the user (this URL has the code pre-filled)user_codein case the user needs to enter it manuallyOnce the user approves in the browser, the second line is emitted and the command exits:
{"status": "authenticated"}Example: Claude Code / AI agent integration
Test plan
parallel-cli login --deviceend-to-end against productionparallel-cli login --device --jsonemits correct NDJSON against production