feat(oauth): Use keyring to store oauth token#1228
Draft
burmudar wants to merge 10 commits intowb/add-oauth-refresh-tokenfrom
Draft
feat(oauth): Use keyring to store oauth token#1228burmudar wants to merge 10 commits intowb/add-oauth-refresh-tokenfrom
burmudar wants to merge 10 commits intowb/add-oauth-refresh-tokenfrom
Conversation
Contributor
Author
|
This change is part of the following stack: Change managed by git-spice. |
This was referenced Dec 8, 2025
keegancsmith
reviewed
Dec 8, 2025
cmd/src/login.go
Outdated
| noToken := cfg.AccessToken == "" | ||
| endpointConflict := endpointArg != cfg.Endpoint | ||
|
|
||
| secretStore, err := keyring.Open() |
Member
There was a problem hiding this comment.
you only open this if doing deviceflow. If we are not doing deviceflow don't open secret storage. IE avoid interacting with secret storage unless we actually need to.
Maybe you can add a wrapper around secretstore which lazily opens?
Contributor
Author
There was a problem hiding this comment.
Stop looking over my shoulder :P busy addressing this atm 😄
burmudar
force-pushed
the
wb/add-oauth-refresh-token
branch
from
2f24f44 to
7f2c665
Compare
burmudar
force-pushed
the
wb/oauth-keyring
branch
from
278fc77 to
6f58c79
Compare
- rename keyring to store - make keyring struct src-cli and set label on secret
- Token converts expiresIn to a timestamp - Store the token with the endpoint suffix
- Add secret store that supports different backends - We use a registry map for a few secrets and the registry gets persisted as one secret to the keyring. We don't waant to create a keyring secret for every different secret - Store is opened once to load the registry.
burmudar
force-pushed
the
wb/add-oauth-refresh-token
branch
from
7f2c665 to
87b5732
Compare
burmudar
force-pushed
the
wb/oauth-keyring
branch
from
6f58c79 to
5a355f7
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
use keyring to store oauth token
add internal/keyring package to use 99designs keyring
return Token struct
store token in keyring
create token struct from TokenResponse
add basic http transport for oauth
OAuth transport and use when available in api client
Test plan