Skip to content

feat(auth): add Personal Access Token authentication#21

Merged
steipete merged 2 commits intosteipete:mainfrom
kkiermasz:feat/pat-authentication
Jan 21, 2026
Merged

feat(auth): add Personal Access Token authentication#21
steipete merged 2 commits intosteipete:mainfrom
kkiermasz:feat/pat-authentication

Conversation

@kkiermasz
Copy link
Contributor

@kkiermasz kkiermasz commented Jan 19, 2026
edited
Loading

Summary

  • Add PAT authentication as alternative to OAuth for users in SAML SSO organizations
  • PATs can be explicitly authorized for SSO in GitHub settings, solving visibility issues for organization-owned repositories
  • Adds auth method picker (OAuth / Personal Access Token) in Account settings
  • Stores PAT securely in macOS Keychain alongside OAuth tokens

Changes

  • UserSettings.swift: Add AuthMethod enum and authMethod property
  • TokenStore.swift: Add savePAT(), loadPAT(), clearPAT() methods
  • PATAuthenticator.swift: New file for PAT validation via GET /user
  • AppState.swift: Add patAuth property and update token provider
  • AppState+Auth.swift: Add loginWithPAT() and logoutCurrentMethod()
  • AppState+Refresh.swift: Check both OAuth tokens and PAT before logging out
  • AccountSettingsView.swift: Add auth method picker and PAT input UI
obraz obraz obraz

🤖 Generated with Claude Code

@steipete
Copy link
Owner

steipete commented Jan 21, 2026

  • Medium: authMethod isn’t persisted; after restart it resets to .oauth, so Logout won’t clear PAT and user can’t truly log out. Persist after PAT login + set on init based on stored PAT. Sources/RepoBar/App/AppState+Auth.swift:20, Sources/RepoBar/App/ AppState.swift:35
  • Medium: logoutCurrentMethod relies solely on settings.authMethod; if stale, PAT remains in Keychain. Either derive from actual stored creds or clear both. Sources/RepoBar/App/ AppState+Auth.swift:33
  • Medium: PAT keychain save/load bypasses the new access‑group fallback path; can fail when keychain groups are missing. Reuse the shared save/load helpers. Sources/ RepoBarCore/Auth/TokenStore.swift:127

@steipete steipete self-assigned this Jan 21, 2026
@steipete
Copy link
Owner

steipete commented Jan 21, 2026

Thanks Jakub, will take over from here.

kkiermasz and others added 2 commits January 21, 2026 20:39
@kkiermasz @claude @steipete
feat(auth): add Personal Access Token authentication
c8cdc7c 
Support PAT as alternative to OAuth for users in SAML SSO organizations.
PATs can be authorized for SSO in GitHub settings, solving visibility
issues for organization-owned repositories.

- Add AuthMethod enum to UserSettings
- Add PAT storage methods to TokenStore
- Create PATAuthenticator for token validation
- Update AccountSettingsView with auth method picker
- Add tests for PAT storage and validation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@steipete
fix: persist PAT auth state (steipete#21) (thanks @kkiermasz)
82a1212
@steipete steipete force-pushed the feat/pat-authentication branch from 94869aa to 82a1212 Compare January 21, 2026 20:43
@steipete steipete merged commit bab0838 into steipete:main Jan 21, 2026
1 check passed
@steipete
Copy link
Owner

steipete commented Jan 21, 2026

Landed via temp rebase onto main.\n\n- Gate: pnpm lint && pnpm build && pnpm test\n- Land commit: 82a1212\n- Merge commit: bab0838\n\nThanks @kkiermasz!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@steipete steipete

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kkiermasz @steipete