Owner

@guzus guzus commented Jan 13, 2026

Summary

  • Add GitHub OAuth flow for secure account connection (primary method)
  • Add Personal Access Token input as fallback for advanced users
  • Implement backend services for token management and validation
  • Add GitHub settings section in frontend settings view

Changes

Backend

  • GitHubAppService: New service for OAuth token exchange, refresh, and validation
  • API Endpoints:
    • GET /api/github/status - Get user's GitHub auth status
    • GET /api/github/oauth/url - Generate OAuth authorization URL
    • POST /api/github/oauth/callback - Complete OAuth flow
    • POST /api/github/disconnect - Disconnect GitHub App
    • POST /api/github/pat - Set and validate PAT
    • DELETE /api/github/pat - Clear PAT
    • POST /api/github/pat/validate - Validate PAT without saving
  • GitService: Modified to support per-user tokens for clone/push operations
  • UserConfigManager: Extended with GitHub credential methods
  • Types: Added GitHubAppConnection interface and githubPat/github fields to UserConfig

Frontend

  • GitHub Settings: New settings section with OAuth and PAT options
  • API Client: Added GitHub authentication methods

Configuration

To enable GitHub OAuth, set these environment variables:

  • GITHUB_APP_CLIENT_ID - GitHub OAuth App client ID
  • GITHUB_APP_CLIENT_SECRET - GitHub OAuth App client secret

Without these, only PAT authentication will be available.

Test Plan

  • Test GitHub OAuth flow with GitHub App credentials
  • Test PAT entry and validation
  • Test PAT removal
  • Test OAuth disconnection
  • Verify token is used for private repo clone/push

🤖 Generated with Claude Code

guzus and others added 14 commits January 13, 2026 16:36
Users can now connect their GitHub accounts for private repository access:

- GitHub OAuth flow (primary): Secure OAuth-based connection via GitHub App
- Personal Access Token (fallback): Manual PAT entry for advanced users

Backend changes:
- Added GitHubAppService for OAuth token exchange and refresh
- Added GitHub API endpoints (/api/github/status, /api/github/oauth/*, /api/github/pat)
- Updated GitService to support per-user tokens for clone/push operations
- Extended UserConfigManager with GitHub credential methods
- Added GitHubAppConnection and PAT fields to UserConfig type

Frontend changes:
- Added GitHub settings section in settings view
- OAuth "Connect with GitHub" button
- PAT input with validation
- Connection status display

Required env vars for OAuth: GITHUB_APP_CLIENT_ID, GITHUB_APP_CLIENT_SECRET

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add `repo` scope to NextAuth GitHub provider for automatic repo access
- Auto-sync GitHub token from session to backend on sign-in
- Add /api/github/sync endpoint for token synchronization
- Simplify GitHub settings UI (auto-connected for GitHub sign-in users)
- Remove duplicate GITHUB_APP_CLIENT_* env vars from backend
- Improve login page with loading state and privacy indicator
- Add success feedback for auth operations
- Better error messages throughout auth flow

Users who sign in with GitHub now automatically have private repo access.
PAT remains as fallback for Google sign-in users.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add private repo access benefit indicator on login page
- Show GitHub auth hints in clone/create workspace modals
- Display connected GitHub account in create repo flow
- Improve error messages for auth-related clone/create failures

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
API errors now display the actual error message from the backend
instead of generic status codes, improving user feedback when
operations fail.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Show spinner while signing out to prevent double-clicks
- Redirect to home after sign-out
- Consistent callback URLs for sign-in/out

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Display GitHub icon next to username for users who signed in with
GitHub, with tooltip indicating repos are connected. Helps users
understand their auth context.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add screen reader support with role="alert", aria-live="polite",
and aria-hidden on decorative icons for better accessibility.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add aria-label to settings close button
- Add role="alert/status" and aria-live to success/error messages
- Add proper label association for PAT input with htmlFor/id
- Add aria-describedby for PAT input hint text
- Mark decorative icons as aria-hidden

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add role="alert" and aria-live to error messages
- Add proper label associations with htmlFor/id for all inputs
- Add aria-describedby for input hints

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Check session status on login page mount
- Redirect authenticated users to home page
- Show loading spinner while checking auth status

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add autoComplete="off" to prevent password autofill confusion
- Add spellCheck={false} for token and URL inputs
- Prevents browser from suggesting unrelated saved credentials

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace img with Next.js Image component for automatic optimization
- Improves LCP and reduces bandwidth for avatar images

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add signInError state to track client-side sign-in failures
- Display network error message when GitHub OAuth can't connect
- Combined error display handles both URL params and local errors

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
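
The commits above pass per-user tokens into clone/push and show the actual backend error message in the UI, so git output needs credentials scrubbed before it leaves the backend. One way to do that, as an added example that is not code from this pull request (`redactGitOutput`, `toClientError`, the error codes and the sample stderr are hypothetical and constructed):

```typescript
// Added example: hypothetical helpers, not code from this pull request.

// GitHub token formats: gh{p,o,u,s,r}_... and fine-grained github_pat_...
const TOKEN_RE = /\b(?:gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})\b/g;
// Credentials embedded in a URL: scheme://user:secret@host or scheme://secret@host
const URL_USERINFO_RE = /\b([a-z][a-z0-9+.-]*:\/\/)[^\s\/@]+@/gi;
// Authorization header values echoed by verbose or trace output
const AUTH_HEADER_RE = /(authorization:\s*(?:basic|bearer|token)\s+)[^\s'"]+/gi;

type ClientError = { code: "auth_required" | "not_found" | "git_failed"; message: string };

// Remove anything credential-shaped from git output before it is logged or returned.
function redactGitOutput(text: string, knownSecrets: string[] = []): string {
  let out = text;
  for (const secret of knownSecrets) {
    // Exact-match pass catches tokens that do not fit a known pattern.
    if (secret.length >= 8) out = out.split(secret).join("[REDACTED]");
  }
  return out
    .replace(URL_USERINFO_RE, "$1[REDACTED]@")
    .replace(AUTH_HEADER_RE, "$1[REDACTED]")
    .replace(TOKEN_RE, "[REDACTED]");
}

// Classify a failed clone/push so the UI can prompt for GitHub auth, with a redacted message.
function toClientError(stderr: string, knownSecrets: string[] = []): ClientError {
  const message = redactGitOutput(stderr, knownSecrets).trim();
  if (/authentication failed|could not read username|returned error: 40[13]/i.test(message)) {
    return { code: "auth_required", message };
  }
  if (/repository\b.*\bnot found|returned error: 404/i.test(message)) {
    return { code: "not_found", message };
  }
  return { code: "git_failed", message };
}

// Constructed sample: stderr from a clone whose remote URL carried a (fake) token.
const FAKE_TOKEN = "ghp_AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
const SAMPLE_STDERR =
  "fatal: unable to access 'https://x-access-token:" + FAKE_TOKEN +
  "@github.com/acme/private.git/': The requested URL returned error: 403";

console.log(toClientError(SAMPLE_STDERR, [FAKE_TOKEN]));
```

Passing the caller's own token as a known secret covers tokens that match none of the patterns; the same filter belongs on log lines, not only on API responses.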

2 participants