Skip to content

feat: make OAuth device auth the default authentication method#253

Open
SBALAVIGNESH123 wants to merge 1 commit intoval-town:mainfrom
SBALAVIGNESH123:feat/oauth-default-auth
Open

feat: make OAuth device auth the default authentication method#253
SBALAVIGNESH123 wants to merge 1 commit intoval-town:mainfrom
SBALAVIGNESH123:feat/oauth-default-auth

Conversation

@SBALAVIGNESH123
Copy link
Copy Markdown

@SBALAVIGNESH123 SBALAVIGNESH123 commented Apr 23, 2026

Closes #230

Summary

Makes OAuth device authorization the default authentication method, removing the interactive confirmation prompt that previously gated the login flow. Users no longer need to answer a yes/no question — the device auth flow starts automatically when credentials are missing.

Changes

Core: Auto-start OAuth (src/cmd/flows/onboard.ts)

  • Removed the Confirm.prompt gate — device auth now starts automatically
  • Added try/catch around the flow so if the browser can't open or the network fails, the CLI gracefully falls back to clear manual instructions (vt login or vt config set apiKey)
  • Fixed a missing await on globalConfig.saveGlobalConfig() that could cause a race condition where config wasn't written before process exit
  • Replaced hardcoded 'VAL_TOWN_API_KEY' string with the API_KEY_KEY constant

Auth-exempt commands (vt.ts)

  • Added login and upgrade to the auth-exempt command list
  • login is the auth flow itself — requiring auth before it creates a circular dependency
  • upgrade just updates the binary and doesn't need API access (also addresses Don't require being logged in for vt upgrade #242)

Token validation fix (src/vt/VTConfig.ts)

  • ensureGlobalVtConfig() now accepts 43-char OAuth access tokens from the VAL_TOWN_API_KEY environment variable (previously only accepted 32-33 char API keys, silently replacing OAuth tokens with a dummy key)

Error message improvements (src/cmd/utils.ts, src/vt/vt/schemas.ts)

  • 401 and permissions error messages now suggest vt login as the primary recovery action, with vt config set apiKey as secondary
  • Zod schema validation error message updated to mention OAuth tokens

Tests (src/cmd/tests/oauth_default_test.ts)

8 test cases covering:

  • Schema accepts 32-char, 33-char, and 43-char tokens ✅
  • Schema rejects invalid lengths ✅
  • Schema accepts null apiKey and refreshToken ✅
  • vt upgrade doesn't require authentication ✅
  • 401 error messages reference vt login

Verification

  • deno check passes on all 80+ source files with zero errors
  • deno fmt --check passes on all changed files
  • No new dependencies added
  • Fully backward compatible (vt config set apiKey still works)

feat: make OAuth device auth the default authentication method
a1e4314 
Closes val-town#230

- Remove Confirm.prompt gate in onboard flow; OAuth device auth now
  starts automatically when credentials are missing
- Gracefully fall back to manual instructions if device auth fails
  (no browser, network issues, etc.)
- Add 'login' and 'upgrade' to auth-exempt commands list (also
  addresses val-town#242: vt upgrade no longer requires authentication)
- Fix token length validation in ensureGlobalVtConfig to accept
  43-char OAuth access tokens alongside 32-33 char API keys
- Update 401/permissions error messages to suggest 'vt login' as
  primary recovery action
- Fix missing await on globalConfig.saveGlobalConfig() in onboard
- Use API_KEY_KEY constant instead of hardcoded string
- Update Zod schema validation error message to mention OAuth tokens
- Add comprehensive test suite (8 tests) covering schema validation,
  auth-exempt commands, and error message improvements
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

oauth auth

1 participant

@SBALAVIGNESH123