Skip to content

auth v2 credential ui #5743

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jroth1111 wants to merge 12 commits into from
Closed

auth v2 credential ui #5743

jroth1111 wants to merge 12 commits into from

Conversation

@jroth1111
Copy link

@jroth1111 jroth1111 commented Dec 18, 2025
edited
Loading

Context: #5748.

Builds on auth v2 core branch jroth1111:auth-v2-core (RFC: specs/provider-auth-v2.md).

Summary

Adds a TUI "connected accounts" manager and basic rotation instrumentation so users can see/manage stored credentials and quickly diagnose same-request OAuth rotation behavior.

What changed

  • New "Manage connected accounts" dialog: list credentials, show cooldown/last status, rename (r) and delete (d).
  • Server API endpoints for credential list/update/delete, used by the TUI.
  • In-memory rotation counters (RotationStats) + server /debug/rotation endpoint.
  • Status dialog shows rotation totals and per-provider top rotations.
  • Rotation engine records request/attempt/rotate/refresh events.
  • Test coverage for the auth-expired rotation fallback.

How to test

  • In TUI → provider dialog → "Manage connected accounts" to rename/delete records.
  • Make a request that triggers rotation; open Status to see OAuth Rotation counters increment.

gwizz added 12 commits December 18, 2025 14:25
core: subscription OAuth pools + same-request rotation
9bf4db8
fix: share OAuth creds across provider aliases
8eeb053
core: encrypted credential pools + rotating OAuth fetch
a090731
fix(mcp): use credential store for oauth state
fee71b9
fix(credentials): make legacy migration idempotent
e7e32b1
test(mcp): increase headers test timeout
f407387
fix(mcp): lazy-load remote transports
2abf0fd
test(mcp): stub client creation for deterministic header tests
c3923cc
fix(auth-v2): address review issues
a65ad2a 
- Move vault key from config/ to data/ for backup locality
- Extract parseRetryAfterMs and cooldown constants to util/http.ts
- Add type guards in credentials/guards.ts to replace unsafe casts
- Add OAuth placeholder comments to all 6 provider adapters
- Add Bun dependency comment to store.ts glob usage
- Update RFC with backup guidance and key rotation docs
refactor(auth): remove legacy V1 encryption and enforce AAD binding
1bb8b51
feat(tui): manage connected accounts + rotation stats
060c7f4
test(auth-v2): add auth-expired rotation fallback test
e5dc484 
Tests that when first credential returns 401, the rotation engine
falls back to the next credential and updates health metrics.
This was referenced Dec 18, 2025
Closed
Closed
Closed
@jroth1111
Copy link
Author

jroth1111 commented Dec 18, 2025

Context: #5748.

Heads-up: these auth-v2 PRs are stacked in my fork, so GitHub will show the full diff vs sst:dev here.

For just the incremental changes in this PR (on top of auth-v2 core), you can use:

If you prefer a single diff to review, #5746 is the combined PR.

@jroth1111
Copy link
Author

jroth1111 commented Dec 18, 2025

Superseded by #5754 (focused multi-account OAuth subscription failover using Bun.secrets). Closing to reduce noise; happy to reopen if you want the broader scope.

@jroth1111 jroth1111 closed this Dec 18, 2025
@jroth1111 jroth1111 deleted the auth-v2-credential-ui branch January 14, 2026 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jroth1111