Skip to content

feat: Implement Desktop OAuth Support #15

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
vreshch merged 3 commits into from
Dec 12, 2025
Merged

feat: Implement Desktop OAuth Support #15

vreshch merged 3 commits into from
Dec 12, 2025

Conversation

@vreshch
Copy link
Contributor

@vreshch vreshch commented Dec 12, 2025

Summary

This PR implements Desktop OAuth Support for the Agentage platform, allowing desktop applications to authenticate users via web-based OAuth with localhost callback.

Changes

Backend

OAuth Routes ()

  • Added support for desktop mode query parameters:
    • desktop=true - enables desktop authentication flow
    • callback - localhost callback URL for redirect
    • include_provider_token=true - includes provider access token in response
  • Parameters are stored in OAuth state for CSRF protection
  • All three providers supported: GitHub, Google, Microsoft

OAuth Callbacks ()

  • Updated callback handlers to detect desktop mode from state
  • Validate callback URL is localhost only (security requirement)
  • Redirect to desktop callback with JWT token
  • Include provider access token when requested (as github_token, google_token, or microsoft_token)

OAuth Service ()

  • Modified OAuth strategies to capture provider access tokens
  • Store tokens in req.user.providerToken for callback use
  • Added proper TypeScript types for all OAuth profiles

Type Definitions ()

  • Added providerToken?: string to Express.User interface

Frontend

Desktop Login Page ()

  • New page at /desktop-login route
  • Accepts callback query parameter (defaults to http://localhost:3739/callback)
  • Displays authentication provider buttons (Google, GitHub, Microsoft)
  • Modern UI with security information for users
  • Each button redirects to OAuth with desktop parameters

How It Works

  1. Desktop app opens browser to: https://agentage.io/desktop-login?callback=http://localhost:3739/callback
  2. User selects authentication provider (e.g., GitHub)
  3. Browser navigates to: /api/auth/github?desktop=true&callback=http://localhost:3739/callback&include_provider_token=true
  4. User completes OAuth flow with the provider
  5. Backend validates callback URL is localhost and redirects to: http://localhost:3739/callback?token=JWT&github_token=PROVIDER_TOKEN
  6. Desktop app receives tokens and completes authentication

Security

  • Localhost-only validation: Callback URLs must be localhost or 127.0.0.1
  • CSRF protection: Desktop parameters stored in OAuth state parameter
  • Port validation: Accepts ports 3000-65535

Testing

All verification commands passed:

  • npm run type-check - TypeScript compilation successful
  • npm run lint - No new linting errors
  • npm run test - All tests passing
  • npm run build - Production build successful

Related

  • Implements requirements from specs/desktop-oauth.md
  • Updates specs/auth.md status to ✅ Implemented

Files Changed

  • packages/backend/src/routes/auth/index.ts (+206, -17)
  • packages/backend/src/services/oauth/oauth.service.ts (+30, -4)
  • packages/backend/src/types/express.d.ts (+3)
  • packages/frontend/src/app/desktop-login/page.tsx (+116, new file)

Total: 4 files changed, 334 insertions(+), 21 deletions(-)

@vreshch
feat: implement desktop OAuth support
1549ef5 
- Add desktop mode parameters (desktop, callback, include_provider_token) to OAuth routes
- Update OAuth callbacks to redirect to localhost when in desktop mode
- Capture and pass provider access tokens for desktop flow
- Add providerToken field to Express.User type
- Create /desktop-login frontend page for desktop authentication
- Add localhost-only validation for security

Implements requirements from specs/desktop-oauth.md
@vreshch
fix: replace any types with proper TypeScript interfaces
4f47115 
- Add OAuthStateData interface for OAuth state parameter
- Import and use Profile types from passport strategies
- Fix all eslint @typescript-eslint/no-explicit-any warnings
@vreshch
fix: add MicrosoftProfile interface for build compatibility
edb0f6b 
passport-microsoft doesn't export Profile type, so define custom interface
@github-actions
Copy link

github-actions bot commented Dec 12, 2025

Pull Request Validation Successful

Step Results:

  • 📦 Install dependencies: true
  • 🔍 Run linting: true
  • 🧪 Run tests: true
  • 🏗️ Build packages: true

🎉 All quality checks passed! Ready to merge.

📋 View workflow run

🐳 Docker Images Built Successfully!

🏷️ Tag: pr-15

  • Backend: ✅ Built
  • Frontend: ✅ Built

📋 View workflow

⏰ Generated at: 2025-12-12T01:24:33.776Z

@vreshch vreshch merged commit cc16474 into master Dec 12, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vreshch