feat: migrate connect flow to web-based auth via account.vana.org#10
Draft
feat: migrate connect flow to web-based auth via account.vana.org#10
Conversation
Replace desktop deep-link flow (vana://connect) with web-based authentication through account.vana.org. Users now sign in on the web, then deep link into Data Connect in an already-authenticated state. SDK changes: - Add accountUrl to environment config (core/constants.ts) - Rename deepLinkUrl → connectUrl in types, hooks, and components - connect() builds account.vana.org/connect?sessionId=...&secret=... URL - SessionRelay returns raw relay response; connect() wraps it with connectUrl - React hooks/components open connectUrl in new tab instead of vana:// deep link - Default button label: "Connect with Vana" Connect app: - New route group (connect)/ with PrivyProvider layout - /login page: email OTP + Google/Apple OAuth via Privy React SDK - /connect page: master key signing + deep link to Data Connect - /api/sign route: server-side signing oracle with allowlist validation - Added @privy-io/react-auth, @privy-io/node, viem dependencies - CSS fix for Privy modal min-height Tests: - Updated connect.test.ts with new connectUrl assertions - New sign-validation.test.ts for signing allowlist - Updated constants.test.ts for accountUrl
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Add initial admin registration UI with a debug-state helper and a placeholder apps page so builder setup has a dedicated in-product surface. Co-authored-by: Cursor <cursoragent@cursor.com>
Extend PageShell with optional top-right utility actions so routes can show logout and builder navigation affordances consistently. Co-authored-by: Cursor <cursoragent@cursor.com>
Update the grants page layout to expose logout and a direct builder configuration link while keeping launch-first onboarding intact. Co-authored-by: Cursor <cursoragent@cursor.com>
Clarify focus-visible and focus-within utility tokens and fix inline icon sizing for spinner-based text content. Co-authored-by: Cursor <cursoragent@cursor.com>
Register GT America Mono as a local variable font family and expose it through the shared mono token for app typography usage. Co-authored-by: Cursor <cursoragent@cursor.com>
Document VANA_SCOPES in the starter env template so scope selection is explicit for local setup. Co-authored-by: Cursor <cursoragent@cursor.com>
Use shared ghost button styles for top utility actions so shell navigation remains consistent. Co-authored-by: Cursor <cursoragent@cursor.com>
Add a dedicated footer slot and reserved footer row so panel layout stays stable across pages. Co-authored-by: Cursor <cursoragent@cursor.com>
Reuse shared components on admin page. Co-authored-by: Cursor <cursoragent@cursor.com>
Add empty and seven-app scenarios, scrollable app rows, and docs for UI implementation patterns. Co-authored-by: Cursor <cursoragent@cursor.com>
Read debug params at runtime and only apply debug overrides when explicitly enabled. Co-authored-by: Cursor <cursoragent@cursor.com>
Move the grants builder CTA into the panel footer slot and keep the link inline with an arrow icon. Co-authored-by: Cursor <cursoragent@cursor.com>
Split each app row into a link area and a delete control. Gate removal behind an AlertDialog so users can safely remove and re-register apps. Co-authored-by: Cursor <cursoragent@cursor.com>
Save registered apps with canonical URL dedupe, resolve names via a safe metadata endpoint with timeout and hostname fallback, and align debug fixtures. Co-authored-by: Cursor <cursoragent@cursor.com>
Place the copy action below env output for better visibility and tap targets. Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
vana://connect) to web-based authentication throughaccount.vana.org. Users now sign in on the web, then deep link into Data Connect in an already-authenticated state.deepLinkUrl→connectUrlthroughout types, hooks, and components.connect()now builds anaccount.vana.org/connect?sessionId=...&secret=...URL. React hooks/components open the URL in a new tab./login(email OTP + Google/Apple OAuth) and/connect(master key signing + deep link) pages, plus/api/signserver-side signing oracle with allowlist validation.Changes
SDK (
src/)accountUrlto environment config incore/constants.ts(account-dev.vana.org/account.vana.org)deepLinkUrl→connectUrlincore/types.ts,react/useVanaConnect.ts,react/useVanaData.ts,react/ConnectButton.tsxserver/connect.ts:connect()builds web URL from relay response;SessionRelayreturns raw relay responseserver/session-relay.ts: NewRelaySessionInitResulttype for raw relay dataConnect app (
connect/)(connect)/route group withPrivyProviderlayout/loginpage: email OTP + Google/Apple OAuth via Privy React SDK/connectpage: master key signing + deep link to Data Connect/api/signroute: server-side signing oracle with allowlist validation@privy-io/react-auth,@privy-io/node,viemdependenciesmin-heightExample (
examples/nextjs-starter/)connectUrlinstead ofdeepLinkUrlworkspace:*)Tests
connect.test.tswith newconnectUrlassertions (3 new test cases)sign-validation.test.tsfor signing allowlistconstants.test.tsforaccountUrlTest plan
pnpm testpasses (all 68 tests)/loginflow with email OTP/connectpage deep links correctlyConnectButtonopens new tab toaccount.vana.orgconnectUrlcorrectly