Add GitHub credential provider (OAuth device flow)#6
Merged
Conversation
Adds NextIteration.SpectreConsole.Auth.Providers.GitHub, a credential provider whose collector runs the OAuth device flow — the same flow the GitHub CLI uses by default. It prompts for the GitHub host, OAuth App client id, and scopes; requests a device/user code; polls the token endpoint (honouring interval, slow_down, and authorization_pending); then validates and enriches the credential via GET /user. - GitHubCredential / GitHubToken / GitHubAuthenticationService / GitHubCredentialCollector / GitHubCredentialSummaryProvider, plus the AddGitHubAuthProvider DI extension. - Configurable host: defaults to github.com; an Enterprise Server host derives the matching web and /api/v3 base URLs. - Token refresh for OAuth Apps that issue expiring tokens; classic non-expiring tokens pass straight through. - Full xUnit suite (49 tests) with a sequenced HTTP stub and injected clock/delay so the polling and refresh paths are covered without sleeping. - Wires the project into the solution, CI (github-v* tag, pack, publish), the top-level README, CHANGELOG, RELEASING, and a matching package icon.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Adds
NextIteration.SpectreConsole.Auth.Providers.GitHub— a credential provider for the framework, using the OAuth device flow, the same flowgh auth loginuses by default. GitHub is far more relatable than the existing niche providers, making the repo a better teaching sample for "how do I write a provider."Auth model
The collector runs the device flow end to end:
github.com), the OAuth App client id, and the requested scopes (defaultrepo read:org).POST {host}/login/device/code).POST {host}/login/oauth/access_tokenhonouring the serverinterval, theslow_downback-off, andauthorization_pending, until the user authorises (or the code expires).GET {api}/user("authenticated as X").The OAuth App client id is prompted (the user brings their own app), so nothing needs to be registered or embedded in the repo. The auth service is a pass-through for classic non-expiring tokens; for apps that issue expiring tokens it refreshes via
grant_type=refresh_tokenbefore use.Scope of changes
src/...GitHub/:GitHubCredential,GitHubToken, DTOs,GitHubCredentialCollector,GitHubAuthenticationService,GitHubCredentialSummaryProvider,ServiceCollectionExtensions, csproj (dual-targetnet8.0/net10.0), README, icon.tests/...GitHub.Tests/: 49 xUnit tests. A sequencedStubHttpClientFactoryplus an injected clock/delay cover the device-code, polling (pending / slow_down / denied / timeout), user-enrichment, and refresh paths without sleeping on real intervals.github-v*tag trigger, pack step, publish case +if), top-level README (providers table + DI snippet), CHANGELOG (GitHub0.1.0), RELEASING (tag table), and a matching design SVG + package icon.https://{host}/) and REST (https://{host}/api/v3/) base URLs.Known limitation
A refreshed access token is not written back to the keystore in this version (the core
ICredentialManagerexposes no update API). Documented in the package README; consumers should cache the returned token for its lifetime.Verification
dotnet build -c Release— clean, 0 warnings (both target frameworks).dotnet test -c Release— all suites green (Adobe, Airtable, GitHub 49, SoftwareOne).dotnet pack—.nupkg/.snupkgbuild withicon.png+README.mdpacked for both TFMs.