summaryrefslogtreecommitdiff
path: root/src/subcommand.zig
diff options
context:
space:
mode:
authort <t@tjp.lol>2026-06-13 14:24:31 -0600
committert <t@tjp.lol>2026-06-15 15:08:32 -0600
commit20e6e08a42240aef0b36ecf627cbcde921912071 (patch)
treefd7e1f860f28ffa41d33416fb6277a95e530191e /src/subcommand.zig
parentfbee69ca8c4b485b7b2d6fe7448b13367c4716c8 (diff)
auth: flatten [auth.<name>] config + ${...} substitution
Collapse the auth schema: infer `type` from keys, replace key/key_env_var with a single `key` (resolved via substitution), flatten the exchange to flat `exchange_*` keys, and drop the auth-level headers tables in favor of reusing the provider's `extra_headers` on the auth HTTP calls. Add `${sibling}` and `${env:VAR}` substitution over auth values (GitHub Enterprise = set `domain`). Restore api_key-empty → provider-drop. Update default config, docs, and tests.
Diffstat (limited to 'src/subcommand.zig')
-rw-r--r--src/subcommand.zig14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/subcommand.zig b/src/subcommand.zig
index b145d4b..bb46941 100644
--- a/src/subcommand.zig
+++ b/src/subcommand.zig
@@ -491,12 +491,22 @@ fn authLogin(
defer panto.deinit();
const client = panto.httpClient();
+ // The auth HTTP calls carry the identity headers of a provider that uses
+ // this session (e.g. Copilot's editor headers). 1:1 in practice; if no
+ // provider references it yet, send none.
+ const headers: []const panto.Header = blk: {
+ for (cfg.providers) |p| {
+ if (std.mem.eql(u8, p.auth_name, name)) break :blk p.extra_headers;
+ }
+ break :blk &.{};
+ };
+
var arena = std.heap.ArenaAllocator.init(allocator);
defer arena.deinit();
const aa = arena.allocator();
var presenter = CliPresenter{ .io = io };
- const toks = panto.oauthLogin(aa, io, client, oauth, presenter.presenter()) catch |err| {
+ const toks = panto.oauthLogin(aa, io, client, oauth, presenter.presenter(), headers) catch |err| {
try out.print("login failed: {t}\n", .{err});
return;
};
@@ -508,7 +518,7 @@ fn authLogin(
// immediately usable and we surface any exchange error during login.
if (oauth.exchange) |exchange| {
if (ts.access_token) |access| {
- ts.exchange = panto.runExchange(aa, client, exchange, access) catch |err| blk: {
+ ts.exchange = panto.runExchange(aa, client, exchange, access, headers) catch |err| blk: {
try out.print("note: token exchange failed ({t}); will retry on first use\n", .{err});
break :blk null;
};