Skip to content

docs(auth): switch auth connection docs from tailorctl to SDK#154

Merged
anukiransolur merged 11 commits into
mainfrom
fix/auth-connection
Jul 2, 2026
Merged

docs(auth): switch auth connection docs from tailorctl to SDK#154
anukiransolur merged 11 commits into
mainfrom
fix/auth-connection

Conversation

@toiroakr

@toiroakr toiroakr commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Rewrite the AuthConnection guide (docs/guides/auth/authconnection.md) to configure and manage connections through the SDK (defineAuth()'s connections field + tailor-sdk CLI) instead of tailorctl, following sdk#1603 which made deploy update connections in-place and preserve the OAuth token
  • Sync docs/sdk/services/auth.md from the SDK repo to pick up the same change (drops the stale delete-and-recreate warning and Change Detection section). This file is normally auto-synced by the daily sdk-docs-sync workflow, but that job only runs against main and wouldn't catch up until after merge, so it's included here to keep the guide and the SDK reference consistent within this PR
  • Update the setup-auth-connections tutorial's info box to describe in-place updates instead of the old hash-based revoke/recreate behavior

toiroakr added 6 commits July 1, 2026 12:35
- Rewrite the AuthConnection guide to use defineAuth() connections and
  tailor-sdk CLI instead of tailorctl, reflecting the in-place update
  behavior from sdk#1603
- Sync docs/sdk/services/auth.md from the SDK repo to pick up the same
  change
- Update the setup-auth-connections tutorial's change-detection note to
  describe in-place updates instead of the old hash-based revoke/recreate
  behavior
Switch runtime token examples from auth.getConnectionToken() (the
defineAuth() return value, which requires importing tailor.config.ts
into runtime code) to authconnection.getConnectionToken() from
@tailor-platform/sdk/runtime.
- Sync docs/sdk/services/auth.md and docs/sdk/testing.md from the SDK repo
- authconnection.getConnectionToken() from @tailor-platform/sdk/runtime is
  now type-checked against defineAuth()'s connections via a generated
  ConnectionNameRegistry (mirroring MachineUserNameRegistry); document the
  narrowing and the tailor-sdk generate/deploy step needed to refresh it
- Fix Token Properties to list only access_token, matching the corrected
  AuthConnectionTokenResult shape (GetConnectionSessionToken never returns
  refresh_token, token_type, or expires_at)
- Fix stray tailor-sdk apply references to deploy, the actual command name
@toiroakr toiroakr marked this pull request as ready for review July 2, 2026 13:02
@toiroakr toiroakr requested a review from a team as a code owner July 2, 2026 13:02
toiroakr added 5 commits July 2, 2026 22:08
…ivity

- Add Option B: fully managing a connection (create, authorize, revoke,
  delete) from the Console via 'tailor-sdk authconnection open', with no
  tailor.config.ts changes
- Add a Choosing a Management Method section explaining that a connection
  is owned by exactly one side at a time, based on the SDK's ownership-label
  mechanism (planAuthConnections/confirmUnmanagedResources in the SDK
  source): a Console-created connection has no label and deploy leaves it
  alone, but declaring the same name in defineAuth() prompts to adopt it
  into config management, after which config always wins
- Add the 'authconnection delete' command (removes the connection entirely,
  vs 'revoke' which only invalidates tokens) and a note not to delete a
  config-managed connection out of band
- Point the setup-auth-connections tutorial at the guide's Setup Flow
  section for readers who want the Console-only path instead
Verified against the SDK source (auth-connection.ts buildUpdateMask and
the auth-connection.test.ts CI-scenario tests): once a connection is
already deployed, an empty clientSecret is excluded from the update
mask entirely, leaving the stored secret untouched. This only applies
to updates of an existing connection — the initial create still
requires the real secret. Also note that the field must be an explicit
empty string, not undefined, since the config schema requires a string.
process.env.X! only silences TypeScript; if the var is actually unset
at runtime, clientSecret stays undefined and AuthConfigSchema.parse
still throws. process.env.X ?? "" is the pattern that actually
produces a string in that case.
@anukiransolur anukiransolur merged commit 9f832f3 into main Jul 2, 2026
3 checks passed
@anukiransolur anukiransolur deleted the fix/auth-connection branch July 2, 2026 22:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants