Expand description
Pre-launch OAuth flow RPC handlers.
Five commands per docs/specs/SPEC_PRE_LAUNCH_OAUTH_FLOW_2026_05_14.md §7:
auth.start—StartProviderAuthauth.poll—PollProviderAuthauth.submitcallback—SubmitAuthCallbackauth.cancel—CancelProviderAuthauth.submitapikey—SubmitProviderApiKey
This module owns the RPC surface and dispatches into
crate::identity::auth_session::AuthSessionManager. The actual
provider-CLI spawn (which feeds stdout lines into the session
via record_line) lands in a follow-up commit on this branch —
these handlers ship the lifecycle plumbing and return clear
“spawn not yet wired” errors for the callback/api-key paths so
frontend (PR B) can integrate against the real shape.
Structs§
- AckResp 🔒
- Cancel
Provider 🔒Auth Req - Poll
Provider 🔒Auth Req - Start
Provider 🔒Auth Req - Submit
Auth 🔒Callback Req - Submit
Provider 🔒ApiKey Req
Constants§
- COMMAND_
AUTH_ CANCEL - COMMAND_
AUTH_ POLL - COMMAND_
AUTH_ START - COMMAND_
AUTH_ SUBMIT_ API_ KEY - COMMAND_
AUTH_ SUBMIT_ CALLBACK
Functions§
- compute_
and_ 🔒ensure_ bundle_ dir - Compute the per-bundle OAuth config dir + ensure it exists +
override the provider’s
auth_config_dir_env_varentry inauth_env. - confirm_
authenticated 🔒 - Run the provider’s auth-check subcommand and return true if it exits 0. Failure modes (binary missing, network error, etc.) are all treated as “not authenticated” — the caller will then either keep waiting (drain task loop) or transition to Failed (exit fallback).
- persist_
oauth_ 🔒binding_ or_ synthetic - On a successful OAuth handshake (CLI exited 0 + authCheckCommand
confirmed), persist the OAuth binding into the bundle and return
the real bundle id to use in the
Successwire status. - register_
identity_ handlers - spawn_
auth_ 🔒cli - Spawn the provider’s auth-login CLI and drive the session through
to a terminal state. Background-only — returns immediately. The
drain task feeds stdout+stderr lines into
AuthSessionManager::record_line; on a login-success pattern OR child exit, runs the provider’s authCheckCommand to confirm and transitions to Success or Failed. - spawn_
auth_ 🔒cli_ pty - PTY-backed variant of spawn_auth_cli. Used for providers whose auth
subcommand bails on
isatty()==0(currently OpenClaw). Mirrors the pipes path’s lifecycle: spawn → drain → confirm → finish_success or finish_failure → detach. Stdout+stderr are merged on the PTY side;record_linedoesn’t care which stream a line came from.