feat: gh auth Automatically copy one-time OAuth code to clipboard (cli#11518)

* feat: add ability to copy one-time OAuth code while authenticating

Signed-off-by: Andrey <andrekabatareika@gmail.com>

* fix(docs): wrong example for gh auth refresh

* chore(authflow): update message to include one-time code to it

Co-authored-by: Kynan Ware <47394200+BagToad@users.noreply.github.com>

* chore(authflow): improve message when copied one-time code

Co-authored-by: Kynan Ware <47394200+BagToad@users.noreply.github.com>

* chore(authflow): don't early return error when could not copy OAuth code

Co-authored-by: Kynan Ware <47394200+BagToad@users.noreply.github.com>

* refactor(authflow): make code for working with OAuth code more readable

* Adjust language in `gh auth` help for clipboard

---------

Signed-off-by: Andrey <andrekabatareika@gmail.com>
Co-authored-by: Kynan Ware <47394200+BagToad@users.noreply.github.com>

Author: ankddev

go.mod

@@ -8,6 +8,7 @@ require (
 	github.com/AlecAivazis/survey/v2 v2.3.7
 	github.com/MakeNowJust/heredoc v1.0.0
 	github.com/Netflix/go-expect v0.0.0-20220104043353-73e0943537d2
+	github.com/atotto/clipboard v0.1.4
 	github.com/briandowns/spinner v1.23.2
 	github.com/cenkalti/backoff/v4 v4.3.0
 	github.com/cenkalti/backoff/v5 v5.0.2
@@ -84,7 +85,6 @@ require (
 	github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 	github.com/alecthomas/chroma/v2 v2.19.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/avast/retry-go/v4 v4.6.1 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect

internal/authflow/flow.go

@@ -9,6 +9,7 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/atotto/clipboard"
 	"github.com/cli/cli/v2/api"
 	"github.com/cli/cli/v2/internal/browser"
 	"github.com/cli/cli/v2/internal/ghinstance"
@@ -29,7 +30,7 @@ var (
 	jsonTypeRE = regexp.MustCompile(`[/+]json($|;)`)
 )
 
-func AuthFlow(oauthHost string, IO *iostreams.IOStreams, notice string, additionalScopes []string, isInteractive bool, b browser.Browser) (string, string, error) {
+func AuthFlow(oauthHost string, IO *iostreams.IOStreams, notice string, additionalScopes []string, isInteractive bool, b browser.Browser, isCopyToClipboard bool) (string, string, error) {
 	w := IO.ErrOut
 	cs := IO.ColorScheme()
 
@@ -55,6 +56,15 @@ func AuthFlow(oauthHost string, IO *iostreams.IOStreams, notice string, addition
 		CallbackURI:  getCallbackURI(oauthHost),
 		Scopes:       scopes,
 		DisplayCode: func(code, verificationURL string) error {
+			if isCopyToClipboard {
+				err := clipboard.WriteAll(code)
+				if err == nil {
+					fmt.Fprintf(w, "%s One-time code (%s) copied to clipboard\n", cs.Yellow("!"), cs.Bold(code))
+					return nil
+				}
+				fmt.Fprintf(w, "%s Failed to copy one-time code to clipboard\n", cs.Red("!"))
+				fmt.Fprintf(w, "  %s\n", err)
+			}
 			fmt.Fprintf(w, "%s First copy your one-time code: %s\n", cs.Yellow("!"), cs.Bold(code))
 			return nil
 		},

pkg/cmd/auth/login/login.go

@@ -38,6 +38,7 @@ type LoginOptions struct {
 	GitProtocol      string
 	InsecureStorage  bool
 	SkipSSHKeyPrompt bool
+	Clipboard        bool
 }
 
 func NewCmdLogin(f *cmdutil.Factory, runF func(*LoginOptions) error) *cobra.Command {
@@ -95,6 +96,9 @@ func NewCmdLogin(f *cmdutil.Factory, runF func(*LoginOptions) error) *cobra.Comm
 			# Start interactive setup
 			$ gh auth login
 
+			# Open a browser to authenticate and copy one-time OAuth code to clipboard
+			$ gh auth login --web --clipboard
+
 			# Authenticate against github.com by reading the token from a file
 			$ gh auth login --with-token < mytoken.txt
 
@@ -145,6 +149,7 @@ func NewCmdLogin(f *cmdutil.Factory, runF func(*LoginOptions) error) *cobra.Comm
 	cmd.Flags().StringSliceVarP(&opts.Scopes, "scopes", "s", nil, "Additional authentication scopes to request")
 	cmd.Flags().BoolVar(&tokenStdin, "with-token", false, "Read token from standard input")
 	cmd.Flags().BoolVarP(&opts.Web, "web", "w", false, "Open a browser to authenticate")
+	cmd.Flags().BoolVarP(&opts.Clipboard, "clipboard", "c", false, "Copy one-time OAuth device code to clipboard")
 	cmdutil.StringEnumFlag(cmd, &opts.GitProtocol, "git-protocol", "p", "", []string{"ssh", "https"}, "The protocol to use for git operations on this host")
 
 	// secure storage became the default on 2023/4/04; this flag is left as a no-op for backwards compatibility
@@ -227,6 +232,7 @@ func loginRun(opts *LoginOptions) error {
 		},
 		SecureStorage:    !opts.InsecureStorage,
 		SkipSSHKeyPrompt: opts.SkipSSHKeyPrompt,
+		CopyToClipboard:  opts.Clipboard,
 	})
 }
 

pkg/cmd/auth/login/login_test.go

@@ -129,6 +129,26 @@ func Test_NewCmdLogin(t *testing.T) {
 				Interactive: true,
 			},
 		},
+		{
+			name:     "tty web and clipboard",
+			stdinTTY: true,
+			cli:      "--web --clipboard",
+			wants: LoginOptions{
+				Hostname:    "github.com",
+				Web:         true,
+				Interactive: true,
+				Clipboard:   true,
+			},
+		},
+		{
+			name: "nontty web and clipboard",
+			cli:  "--web --clipboard",
+			wants: LoginOptions{
+				Hostname:  "github.com",
+				Web:       true,
+				Clipboard: true,
+			},
+		},
 		{
 			name:     "tty web",
 			stdinTTY: true,
@@ -273,6 +293,7 @@ func Test_NewCmdLogin(t *testing.T) {
 			assert.Equal(t, tt.wants.Web, gotOpts.Web)
 			assert.Equal(t, tt.wants.Interactive, gotOpts.Interactive)
 			assert.Equal(t, tt.wants.Scopes, gotOpts.Scopes)
+			assert.Equal(t, tt.wants.Clipboard, gotOpts.Clipboard)
 		})
 	}
 }

pkg/cmd/auth/refresh/refresh.go

@@ -33,18 +33,19 @@ type RefreshOptions struct {
 	Scopes       []string
 	RemoveScopes []string
 	ResetScopes  bool
-	AuthFlow     func(*iostreams.IOStreams, string, []string, bool) (token, username, error)
+	AuthFlow     func(*iostreams.IOStreams, string, []string, bool, bool) (token, username, error)
 
 	Interactive     bool
 	InsecureStorage bool
+	Clipboard       bool
 }
 
 func NewCmdRefresh(f *cmdutil.Factory, runF func(*RefreshOptions) error) *cobra.Command {
 	opts := &RefreshOptions{
 		IO:     f.IOStreams,
 		Config: f.Config,
-		AuthFlow: func(io *iostreams.IOStreams, hostname string, scopes []string, interactive bool) (token, username, error) {
-			t, u, err := authflow.AuthFlow(hostname, io, "", scopes, interactive, f.Browser)
+		AuthFlow: func(io *iostreams.IOStreams, hostname string, scopes []string, interactive bool, clipboard bool) (token, username, error) {
+			t, u, err := authflow.AuthFlow(hostname, io, "", scopes, interactive, f.Browser, clipboard)
 			return token(t), username(u), err
 		},
 		HttpClient: &http.Client{},
@@ -89,6 +90,9 @@ func NewCmdRefresh(f *cmdutil.Factory, runF func(*RefreshOptions) error) *cobra.
 
 			# Open a browser to re-authenticate with the default minimum scopes
 			$ gh auth refresh --reset-scopes
+
+			# Open a browser to re-authenticate and copy one-time OAuth code to clipboard
+			$ gh auth refresh --clipboard
 		`),
 		RunE: func(cmd *cobra.Command, args []string) error {
 			opts.Interactive = opts.IO.CanPrompt()
@@ -109,6 +113,7 @@ func NewCmdRefresh(f *cmdutil.Factory, runF func(*RefreshOptions) error) *cobra.
 	cmd.Flags().StringSliceVarP(&opts.Scopes, "scopes", "s", nil, "Additional authentication scopes for gh to have")
 	cmd.Flags().StringSliceVarP(&opts.RemoveScopes, "remove-scopes", "r", nil, "Authentication scopes to remove from gh")
 	cmd.Flags().BoolVar(&opts.ResetScopes, "reset-scopes", false, "Reset authentication scopes to the default minimum set of scopes")
+	cmd.Flags().BoolVarP(&opts.Clipboard, "clipboard", "c", false, "Copy one-time OAuth device code to clipboard")
 	// secure storage became the default on 2023/4/04; this flag is left as a no-op for backwards compatibility
 	var secureStorage bool
 	cmd.Flags().BoolVar(&secureStorage, "secure-storage", false, "Save authentication credentials in secure credential store")
@@ -199,7 +204,7 @@ func refreshRun(opts *RefreshOptions) error {
 
 	additionalScopes.RemoveValues(opts.RemoveScopes)
 
-	authedToken, authedUser, err := opts.AuthFlow(opts.IO, hostname, additionalScopes.ToSlice(), opts.Interactive)
+	authedToken, authedUser, err := opts.AuthFlow(opts.IO, hostname, additionalScopes.ToSlice(), opts.Interactive, opts.Clipboard)
 	if err != nil {
 		return err
 	}

pkg/cmd/auth/refresh/refresh_test.go

@@ -33,17 +33,43 @@ func Test_NewCmdRefresh(t *testing.T) {
 				Hostname: "",
 			},
 		},
+		{
+			name: "tty clipboard",
+			tty:  true,
+			cli:  "-c",
+			wants: RefreshOptions{
+				Hostname:  "",
+				Clipboard: true,
+			},
+		},
 		{
 			name:     "nontty no arguments",
 			wantsErr: true,
 		},
+		{
+			name: "nontty hostname and clipboard",
+			cli:  "-h aline.cedrac -c",
+			wants: RefreshOptions{
+				Hostname:  "aline.cedrac",
+				Clipboard: true,
+			},
+		},
 		{
 			name: "nontty hostname",
 			cli:  "-h aline.cedrac",
 			wants: RefreshOptions{
 				Hostname: "aline.cedrac",
 			},
 		},
+		{
+			name: "tty hostname and clipboard",
+			tty:  true,
+			cli:  "-h aline.cedrac -c",
+			wants: RefreshOptions{
+				Hostname:  "aline.cedrac",
+				Clipboard: true,
+			},
+		},
 		{
 			name: "tty hostname",
 			tty:  true,
@@ -166,6 +192,7 @@ func Test_NewCmdRefresh(t *testing.T) {
 			require.NoError(t, err)
 			require.Equal(t, tt.wants.Hostname, gotOpts.Hostname)
 			require.Equal(t, tt.wants.Scopes, gotOpts.Scopes)
+			require.Equal(t, tt.wants.Clipboard, gotOpts.Clipboard)
 		})
 	}
 }
@@ -174,6 +201,7 @@ type authArgs struct {
 	hostname      string
 	scopes        []string
 	interactive   bool
+	clipboard     bool
 	secureStorage bool
 }
 
@@ -226,6 +254,22 @@ func Test_refreshRun(t *testing.T) {
 				secureStorage: true,
 			},
 		},
+		{
+			name: "no hostname, one host configured, clipboard enabled",
+			cfgHosts: []string{
+				"github.com",
+			},
+			opts: &RefreshOptions{
+				Hostname:  "",
+				Clipboard: true,
+			},
+			wantAuthArgs: authArgs{
+				hostname:      "github.com",
+				scopes:        []string{},
+				secureStorage: true,
+				clipboard:     true,
+			},
+		},
 		{
 			name: "no hostname, one host configured",
 			cfgHosts: []string{
@@ -427,10 +471,11 @@ func Test_refreshRun(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			aa := authArgs{}
-			tt.opts.AuthFlow = func(_ *iostreams.IOStreams, hostname string, scopes []string, interactive bool) (token, username, error) {
+			tt.opts.AuthFlow = func(_ *iostreams.IOStreams, hostname string, scopes []string, interactive bool, clipboard bool) (token, username, error) {
 				aa.hostname = hostname
 				aa.scopes = scopes
 				aa.interactive = interactive
+				aa.clipboard = clipboard
 				if tt.authOut != (authOut{}) {
 					return token(tt.authOut.token), username(tt.authOut.username), tt.authOut.err
 				}
@@ -488,6 +533,7 @@ func Test_refreshRun(t *testing.T) {
 			require.Equal(t, tt.wantAuthArgs.hostname, aa.hostname)
 			require.Equal(t, tt.wantAuthArgs.scopes, aa.scopes)
 			require.Equal(t, tt.wantAuthArgs.interactive, aa.interactive)
+			require.Equal(t, tt.wantAuthArgs.clipboard, aa.clipboard)
 
 			authCfg := cfg.Authentication()
 			activeUser, _ := authCfg.ActiveUser(aa.hostname)

pkg/cmd/auth/shared/login_flow.go

@@ -40,6 +40,7 @@ type LoginOptions struct {
 	CredentialFlow   *GitCredentialFlow
 	SecureStorage    bool
 	SkipSSHKeyPrompt bool
+	CopyToClipboard  bool
 
 	sshContext ssh.Context
 }
@@ -148,7 +149,7 @@ func Login(opts *LoginOptions) error {
 
 	if authMode == 0 {
 		var err error
-		authToken, username, err = authflow.AuthFlow(hostname, opts.IO, "", append(opts.Scopes, additionalScopes...), opts.Interactive, opts.Browser)
+		authToken, username, err = authflow.AuthFlow(hostname, opts.IO, "", append(opts.Scopes, additionalScopes...), opts.Interactive, opts.Browser, opts.CopyToClipboard)
 		if err != nil {
 			return fmt.Errorf("failed to authenticate via web browser: %w", err)
 		}