refactor(auth): migrate to octokit/oauth-method library

Signed-off-by: Adam Setch <adam.setch@outlook.com>

Author: setchy

jest.config.ts

@@ -14,9 +14,10 @@ const config: Config = {
   },
   // Allow transforming specific ESM packages in node_modules that ship untranspiled ESM.
   // @primer/* libraries rely on lit and @lit-labs/react internally for some components.
+  // @octokit/* libraries rely on universal-user-agent internally.
   // We also include GitHub web components that ship ESM-only builds.
   transformIgnorePatterns: [
-    'node_modules/(?!(?:@primer/react|@primer/primitives|@primer/octicons-react|@lit-labs/react|lit|@github/relative-time-element|@github/tab-container-element)/)',
+    'node_modules/(?!(?:@primer/react|@primer/primitives|@primer/octicons-react|@lit-labs/react|lit|@github/relative-time-element|@github/tab-container-element|@octokit/oauth-methods|@octokit/oauth-authorization-url|@octokit/request|@octokit/request-error|@octokit/endpoint|universal-user-agent)/)',
   ],
   moduleNameMapper: {
     // Force CommonJS build for http adapter to be available.

package.json

@@ -84,7 +84,9 @@
     "@electron/notarize": "3.1.1",
     "@graphql-codegen/cli": "6.1.0",
     "@graphql-codegen/schema-ast": "5.0.0",
+    "@octokit/oauth-methods": "6.0.2",
     "@octokit/openapi-types": "27.0.0",
+    "@octokit/request": "10.0.7",
     "@parcel/watcher": "2.5.1",
     "@primer/css": "22.1.0",
     "@primer/octicons-react": "19.21.1",
@@ -149,4 +151,4 @@
     "*": "biome check --no-errors-on-unmatched",
     "*.{js,ts,tsx}": "pnpm test --findRelatedTests --passWithNoTests --updateSnapshot"
   }
-}
+}

pnpm-lock.yaml

@@ -1,4 +1,5 @@
 import type { ClientID, ClientSecret, Hostname, Link } from './types';
+import type { LoginOAuthAppOptions } from './utils/auth/types';
 
 export const Constants = {
   STORAGE_KEY: 'gitify-storage',
@@ -13,8 +14,9 @@ export const Constants = {
     hostname: 'github.com' as Hostname,
     clientId: process.env.OAUTH_CLIENT_ID as ClientID,
     clientSecret: process.env.OAUTH_CLIENT_SECRET as ClientSecret,
-  },
+  } satisfies LoginOAuthAppOptions,
 
+  GITHUB_BASE_URL: 'https://github.com',
   GITHUB_API_BASE_URL: 'https://api.github.com',
   GITHUB_API_GRAPHQL_URL: 'https://api.github.com/graphql',
 

src/renderer/constants.ts

@@ -37,10 +37,10 @@ import type {
 } from '../utils/auth/types';
 import {
   addAccount,
-  authGitHub,
+  exchangeAuthCodeForAccessToken,
   getAccountUUID,
-  getToken,
   hasAccounts,
+  performGitHubOAuth,
   refreshAccount,
   removeAccount,
 } from '../utils/auth/utils';
@@ -405,22 +405,36 @@ export const AppProvider = ({ children }: { children: ReactNode }) => {
     return hasAccounts(auth);
   }, [auth]);
 
+  /**
+   * Note: although we call this "Login with GitHub App", this function actually
+   * authenticates via a predefined "Gitify" GitHub OAuth App.
+   */
   const loginWithGitHubApp = useCallback(async () => {
-    const { authCode } = await authGitHub();
-    const { token } = await getToken(authCode);
+    const { authCode } = await performGitHubOAuth(
+      Constants.DEFAULT_AUTH_OPTIONS,
+    );
+    const token = await exchangeAuthCodeForAccessToken(authCode);
     const hostname = Constants.DEFAULT_AUTH_OPTIONS.hostname;
 
     const updatedAuth = await addAccount(auth, 'GitHub App', token, hostname);
 
     persistAuth(updatedAuth);
   }, [auth, persistAuth]);
 
+  /**
+   * Login with custom GitHub OAuth App
+   */
   const loginWithOAuthApp = useCallback(
     async (data: LoginOAuthAppOptions) => {
-      const { authOptions, authCode } = await authGitHub(data);
-      const { token, hostname } = await getToken(authCode, authOptions);
+      const { authOptions, authCode } = await performGitHubOAuth(data);
+      const token = await exchangeAuthCodeForAccessToken(authCode, authOptions);
 
-      const updatedAuth = await addAccount(auth, 'OAuth App', token, hostname);
+      const updatedAuth = await addAccount(
+        auth,
+        'OAuth App',
+        token,
+        authOptions.hostname,
+      );
 
       persistAuth(updatedAuth);
     },