Skip to content

Commit 96b4b11

Browse files
leggetterclaudecursoragent
committed
feat(login): guest profile always opens browser claim; drop auth_intent
When guest_url is set, a valid API key no longer short-circuits login. Preserve stale guest key on validate 401 and send guest credentials on POST /cli-auth. Remove auth_intent from StartLogin payload. Co-Authored-By: Claude <noreply@anthropic.com> Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 5ba037e commit 96b4b11

4 files changed

Lines changed: 13 additions & 57 deletions

File tree

pkg/gateway/mcp/tool_login.go

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -117,11 +117,8 @@ func handleLogin(srv *Server) mcpsdk.ToolHandler {
117117
saved_guest_api_key = cfg.Profile.APIKey
118118
}
119119

120-
auth_intent := login.ResolveLoginIntent(cfg)
121-
122-
// Initiate browser-based device auth flow.
123120
authClient := &hookdeck.Client{BaseURL: parsedBaseURL, TelemetryDisabled: cfg.TelemetryDisabled}
124-
session, err := authClient.StartLogin(login.BuildStartLoginInput(cfg, auth_intent, saved_guest_api_key))
121+
session, err := authClient.StartLogin(login.BuildStartLoginInput(cfg, saved_guest_api_key))
125122
if err != nil {
126123
return ErrorResult(fmt.Sprintf("Failed to start login: %s", err)), nil
127124
}

pkg/hookdeck/auth.go

Lines changed: 3 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -50,19 +50,10 @@ type UpdateClientInput struct {
5050
}
5151

5252
// StartLoginInput configures POST /cli-auth for browser login.
53-
type CLIAuthIntent string
54-
55-
const (
56-
CLIAuthIntentClaimGuest CLIAuthIntent = "claim_guest"
57-
CLIAuthIntentLogin CLIAuthIntent = "login"
58-
CLIAuthIntentCreateNew CLIAuthIntent = "create_new"
59-
)
60-
6153
type StartLoginInput struct {
62-
DeviceName string `json:"device_name"`
63-
AuthIntent CLIAuthIntent `json:"auth_intent,omitempty"`
64-
GuestUserID string `json:"guest_user_id,omitempty"`
65-
GuestAPIKey string `json:"guest_api_key,omitempty"`
54+
DeviceName string `json:"device_name"`
55+
GuestUserID string `json:"guest_user_id,omitempty"`
56+
GuestAPIKey string `json:"guest_api_key,omitempty"`
6657
}
6758

6859
// LoginSession represents an in-progress login flow

pkg/login/client_login.go

Lines changed: 7 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ var canOpenBrowser = open.CanOpenBrowser
2424
func Login(config *configpkg.Config, input io.Reader) error {
2525
var s *spinner.Spinner
2626

27+
saved_guest_api_key := ""
28+
2729
if config.Profile.APIKey != "" {
2830
log.WithFields(log.Fields{
2931
"prefix": "login.Login",
@@ -40,31 +42,11 @@ func Login(config *configpkg.Config, input io.Reader) error {
4042
// Rejected key: continue into browser login below (must clear key first
4143
// or we would re-enter this branch only).
4244
fmt.Fprintln(os.Stdout, "Your saved API key is no longer valid. Starting browser sign-in...")
43-
saved_guest_api_key := ""
4445
if config.Profile.GuestURL != "" {
4546
saved_guest_api_key = config.Profile.APIKey
4647
}
4748
config.Profile.APIKey = ""
48-
49-
parsedBaseURL, parseErr := url.Parse(config.APIBaseURL)
50-
if parseErr != nil {
51-
return parseErr
52-
}
53-
54-
client := &hookdeck.Client{
55-
BaseURL: parsedBaseURL,
56-
TelemetryDisabled: config.TelemetryDisabled,
57-
}
58-
59-
auth_intent := resolveLoginIntent(config)
60-
61-
session, startErr := client.StartLogin(buildStartLoginInput(config, auth_intent, saved_guest_api_key))
62-
if startErr != nil {
63-
return startErr
64-
}
65-
66-
return waitForLoginSession(config, input, session)
67-
} else {
49+
} else if config.Profile.GuestURL == "" {
6850
message := SuccessMessage(response.UserName, response.UserEmail, response.OrganizationName, response.ProjectName, response.ProjectMode == "console")
6951
ansi.StopSpinner(s, message, os.Stdout)
7052

@@ -78,6 +60,9 @@ func Login(config *configpkg.Config, input io.Reader) error {
7860
}
7961

8062
return nil
63+
} else {
64+
// Guest Console profile: valid key still needs browser signup to claim sandbox.
65+
ansi.StopSpinner(s, "", os.Stdout)
8166
}
8267
}
8368

@@ -91,9 +76,7 @@ func Login(config *configpkg.Config, input io.Reader) error {
9176
TelemetryDisabled: config.TelemetryDisabled,
9277
}
9378

94-
auth_intent := resolveLoginIntent(config)
95-
96-
session, err := client.StartLogin(buildStartLoginInput(config, auth_intent, ""))
79+
session, err := client.StartLogin(buildStartLoginInput(config, saved_guest_api_key))
9780
if err != nil {
9881
return err
9982
}

pkg/login/login_intent.go

Lines changed: 2 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -5,37 +5,22 @@ import (
55
"github.com/hookdeck/hookdeck-cli/pkg/hookdeck"
66
)
77

8-
func resolveLoginIntent(config *configpkg.Config) hookdeck.CLIAuthIntent {
9-
has_guest_profile := config != nil && config.Profile.GuestURL != ""
10-
if !has_guest_profile {
11-
return hookdeck.CLIAuthIntentLogin
12-
}
13-
return hookdeck.CLIAuthIntentClaimGuest
14-
}
15-
16-
func ResolveLoginIntent(config *configpkg.Config) hookdeck.CLIAuthIntent {
17-
return resolveLoginIntent(config)
18-
}
19-
208
func BuildStartLoginInput(
219
config *configpkg.Config,
22-
intent hookdeck.CLIAuthIntent,
2310
saved_guest_api_key string,
2411
) hookdeck.StartLoginInput {
25-
return buildStartLoginInput(config, intent, saved_guest_api_key)
12+
return buildStartLoginInput(config, saved_guest_api_key)
2613
}
2714

2815
func buildStartLoginInput(
2916
config *configpkg.Config,
30-
intent hookdeck.CLIAuthIntent,
3117
saved_guest_api_key string,
3218
) hookdeck.StartLoginInput {
3319
input := hookdeck.StartLoginInput{
3420
DeviceName: config.DeviceName,
35-
AuthIntent: intent,
3621
}
3722

38-
if intent == hookdeck.CLIAuthIntentClaimGuest {
23+
if config != nil && config.Profile.GuestURL != "" {
3924
input.GuestUserID = guestCredentialsUserID(config)
4025
input.GuestAPIKey = guestCredentialsAPIKey(config, saved_guest_api_key)
4126
}

0 commit comments

Comments
 (0)