feat: add custom templates and automatic browser open for better interactive flow#48
feat: add custom templates and automatic browser open for better interactive flow#48wolfv merged 10 commits intoprefix-dev:mainfrom
Conversation
|
Nice! Quick initial comment: I did not expect to have two separate interactive flows the application can initiate (available only based on feature flags):
|
I think it's actually about the web browser: if this is e.g. a remote machine where we can't open a browser, then we need a manual way to provide the verification code -- sigstore-python does have a code path for for this out-of-band case that seems reasonable: https://github.com/sigstore/sigstore-python/blob/main/sigstore/oidc.py#L296-L322 |
Based on PR prefix-dev#48 feedback: the device code flow is unnecessary since the authorization code flow with PKCE can handle all cases: - Browser available: opens browser, receives code via redirect server - Browser unavailable: OOB mode prompts user to enter code manually Changes: - Remove DeviceCodeResponse, start_device_flow(), poll_for_token() - Add OOB fallback using urn:ietf:wg:oauth:2.0:oob redirect URI - Unify API to single get_identity_token() that auto-selects mode - Rename InteractiveCallback → AuthCallback, add prompt_for_code()
jku
left a comment
jku
left a comment
There was a problem hiding this comment.
Some of this is outside my ability to competently review in Rust but the flow looks great and works like I expected.
| //! Sign a file (opens browser, or prompts for code if browser unavailable): | ||
| //! ```sh | ||
| //! cargo run -p sigstore-sign --example sign_blob -- artifact.txt -o artifact.sigstore.json | ||
| //! cargo run -p sigstore-sign --features browser --example sign_blob -- artifact.txt -o artifact.sigstore.json |
There was a problem hiding this comment.
could update this example in main README as well
2 participants
This adds some custom HTML and automatic browser opening for a better interactive flow.