Skip to content

TW-4922: SSO UX, PKCE fix, huh v2 upgrade#75

Merged
qasim-nylas merged 3 commits into
mainfrom
feature/TW-4922-sso-press-enter-before-browser
May 11, 2026
Merged

TW-4922: SSO UX, PKCE fix, huh v2 upgrade#75
qasim-nylas merged 3 commits into
mainfrom
feature/TW-4922-sso-press-enter-before-browser

Conversation

@qasim-nylas
Copy link
Copy Markdown
Collaborator

@qasim-nylas qasim-nylas commented May 11, 2026

Summary

  • SSO device-code flow: show one-time code first, wait for Enter before opening browser (matches gh auth login pattern)
  • App creation: pass environment: "sandbox" to fix userAccessDict[environment] is not iterable server error
  • PKCE fix: use Nylas's non-standard base64(hex(sha256(verifier))) instead of RFC 7636 base64url(sha256(verifier)) — fixes "Code verifier challenge failed" on nylas auth login
  • OAuth error parsing: handle error/error_description format from /v3/connect/token so errors are no longer opaque "status 400"
  • huh v2 + lipgloss v2: upgrade from v1 to fix duplicate input field rendering in interactive prompts

Test plan

  • nylas init — SSO shows code, waits for Enter, browser opens after
  • nylas init — app creation succeeds with sandbox environment
  • nylas init — single App name prompt (no duplicate rendering)
  • nylas auth login — PKCE flow completes successfully
  • Unit tests pass: go test ./internal/adapters/dashboard/ ./internal/adapters/nylas/ ./internal/app/auth/ ./internal/cli/common/
  • Lint clean: golangci-lint run --timeout=5m

@qasim-nylas
TW-4922: SSO device-code flow UX — press Enter before browser, sandbo…
626e44f 
…x env, huh v2

- Show one-time code first and wait for Enter before opening browser (gh auth login style)
- Pass environment: "sandbox" when creating applications to fix server error
- Upgrade huh v1→v2 and lipgloss v1→v2 to fix duplicate input rendering
@qasim-nylas
TW-4922: fix PKCE challenge to match Nylas API and parse OAuth error …
d829314 
…responses

- PKCE: use base64(hex(sha256(verifier))) to match Nylas's non-standard S256
- parseError: handle OAuth error format (error/error_description) from /v3/connect/token
@qasim-nylas
TW-4922: add unit tests for OAuth error format parsing
a0d5c97 
- Test parseError handles OAuth error/error_description format
- Test parseError falls back to status code on empty body
@qasim-nylas qasim-nylas requested a review from AaronDDM May 11, 2026 22:34
AaronDDM
AaronDDM approved these changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@AaronDDM AaronDDM left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@qasim-nylas qasim-nylas merged commit 5b4e036 into main May 11, 2026
6 checks passed
@qasim-nylas qasim-nylas deleted the feature/TW-4922-sso-press-enter-before-browser branch May 11, 2026 22:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AaronDDM AaronDDM AaronDDM approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@qasim-nylas @AaronDDM