studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity
96 Commits 2 Branches 5 Tags
3d2d16d53e7a4372c2880870c54bda81b2fcb101
Commit Graph

7 Commits

Author SHA1 Message Date
Sienna Meridian Satterwhite
ffc0fe917b feat: split auth into sso/git, Planka token exchange, board discovery 
Auth:
- sunbeam auth login runs SSO (Hydra OIDC) then Git (Gitea PAT)
- SSO callback auto-redirects browser to Gitea token page
- sunbeam auth sso / sunbeam auth git for individual flows
- Gitea PAT verified against API before saving

Planka:
- Token exchange via /api/access-tokens/exchange-using-token endpoint
- Board discovery via GET /api/projects
- String IDs (snowflake) handled throughout

Config:
- kubectl-style contexts: --context flag > current-context > "local"
- Removed --env flag
- Per-domain auth token storage
 2026-03-20 19:25:10 +00:00
Sienna Meridian Satterwhite
88b02acdd1 feat: kubectl-style contexts with per-domain auth tokens 
Config now supports named contexts (like kubectl), each bundling
domain, kube-context, ssh-host, infra-dir, and acme-email. Legacy
flat config auto-migrates to a "production" context on load.

- sunbeam config set --domain sunbeam.pt --host user@server
- sunbeam config use-context production
- sunbeam config get (shows all contexts)

Auth tokens stored per-domain (~/.local/share/sunbeam/auth/{domain}.json)
so local and production don't clobber each other. pm and auth commands
read domain from active context instead of K8s cluster discovery.
 2026-03-20 15:17:57 +00:00
Sienna Meridian Satterwhite
3a5e1c62ba fix: use predictable client_id via pre-seeded K8s secret 
Pre-create oidc-sunbeam-cli secret with CLIENT_ID=sunbeam-cli before
hydra-maester reconciles. No cluster access needed at login time.
 2026-03-20 15:08:59 +00:00
Sienna Meridian Satterwhite
1029ff0747 fix: auth login UX — timeout, Ctrl+C, suppress K8s error, center HTML 
- 5-minute timeout on callback wait (Ctrl+C now works)
- Skip K8s client_id lookup when no cluster configured (removes noisy ERROR)
- Center the success page HTML to match Sunbeam Studios branding
 2026-03-20 14:31:59 +00:00
Sienna Meridian Satterwhite
43b5a4eef9 fix: URL-encode scope parameter with %20 instead of + 2026-03-20 14:30:31 +00:00
Sienna Meridian Satterwhite
7fab2a7f3c fix: auth login domain resolution with --domain flag 
Domain resolves from: --domain flag > cached token > config
production_host > cluster discovery. Clear error when none available.
 2026-03-20 14:29:08 +00:00
Sienna Meridian Satterwhite
d4421d3e29 feat: OAuth2 CLI authentication with PKCE and token caching 
New src/auth.rs module:
- Authorization Code + PKCE flow via localhost redirect
- OIDC discovery from Hydra well-known endpoint
- Browser-based login (opens system browser automatically)
- Token caching at ~/.local/share/sunbeam/auth.json (0600 perms)
- Automatic refresh when access token expires (refresh valid 7 days)
- get_token() for use by other modules (pm, etc.)
- cmd_auth_login/logout/status subcommands
 2026-03-20 14:10:37 +00:00