feat(auth): sign in via cloud login page with short-lived desktop login codes (GTM-93)#1222
Draft
benceruleanlu wants to merge 1 commit into
Draft
feat(auth): sign in via cloud login page with short-lived desktop login codes (GTM-93)#1222benceruleanlu wants to merge 1 commit into
benceruleanlu wants to merge 1 commit into
Conversation
…in codes (GTM-93)
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Desktop half of GTM-93 macOS web→desktop identity stitching: sign-in now runs through the real cloud.comfy.org login page with a short-lived, PKCE-bound desktop login code — no loopback callback, no credentials over localhost.
New
src/main/auth/desktopLoginCode/module, attempted first from the existinghandleFirebasePopupintercept:POST /api/auth/desktop-login-codes(installation_id=getDeviceId()machine hash, included only when telemetry consent is granted; the auth handoff works without it)./cloud/login?desktop_login_code=dlc_…(only the opaque code — neverinstallation_id— transits the URL), reusing the copy-link banner./exchange(interval + jitter, abortable singleton, one final attempt at deadline) until the signed-in browser session redeems the code with explicit user approval.accounts:signInWithCustomToken+accounts:lookup(main process has no Firebase SDK), assemble the persisted user via the sameassemblePersistedUsercontract as the OAuth path, then the unchanged IndexedDB inject +bindSignedInUser+ focus restore.sign_in_started {flow: 'desktop_login_code'}(only once the browser actually opens),comfy.desktop.identity.login_attributed {via: 'desktop_login_code'}on success,sign_in_failedwith error bucket otherwise.Hard fallback: if code creation fails (old backend, network, timeout) — or the deployment targets the dev Firebase project through a non-loopback origin — the legacy loopback bridge runs unchanged. Login can never get worse than today.
Why
Windows stitches web→desktop by stamping a download token into the installer; macOS DMGs are notarized and can't be stamped. Logging in on the real cloud page in the user's own browser lets the web
posthog.identify(uid)merge top-of-funnel anon activity into the Firebase uid, while the backend emitscomfy.cloud.identity.login_attributed(uid ↔ installation_id) at redeem — the login-time twin of the Windowsdownload_attributedevent. Bonus: passkeys/password-manager autofill/email+password all work, since the login UI is the real cloud page rather than the bridge's provider redirect.Supersedes #1150: same goal, but the browser never POSTs to a localhost server — the desktop pulls a one-time Firebase custom token with code + PKCE verifier (the token-over-loopback concern from that review is gone), so the fixed port 9876, CORS/PNA headers, and callback validation all disappear from this path.
Notes
oauth.ts's persisted-user assembly extracted into exportedassemblePersistedUser(byte-identical output; legacy path delegates) so both sign-in paths share theUser.toJSON()/stsTokenManagercontract that IndexedDB rehydration depends on.getDeviceId()(the machine hash) forinstallation_id, matching that PR's direction.Testing
83 tests in
src/main/auth(46 new): PKCE vectors, origin resolution, client status classification (pending/complete/terminal/retryable/timeout), custom-token REST chain + persisted-user contract, orchestrator (fallback-on-create-failure, consent gating, noinstallation_idin URLs, poll pending→complete, final-attempt-at-deadline, supersession/abort races, dev-env guard, telemetry ordering). Full suite green; typecheck/lint clean.Landing order
signBlobfor custom-token minting)GTM-93 · Supersedes #1150