diff options
| author | t <t@tjp.lol> | 2026-06-13 14:24:31 -0600 |
|---|---|---|
| committer | t <t@tjp.lol> | 2026-06-15 15:08:32 -0600 |
| commit | 20e6e08a42240aef0b36ecf627cbcde921912071 (patch) | |
| tree | fd7e1f860f28ffa41d33416fb6277a95e530191e /src/subcommand.zig | |
| parent | fbee69ca8c4b485b7b2d6fe7448b13367c4716c8 (diff) | |
auth: flatten [auth.<name>] config + ${...} substitution
Collapse the auth schema: infer `type` from keys, replace key/key_env_var with
a single `key` (resolved via substitution), flatten the exchange to flat
`exchange_*` keys, and drop the auth-level headers tables in favor of reusing
the provider's `extra_headers` on the auth HTTP calls. Add `${sibling}` and
`${env:VAR}` substitution over auth values (GitHub Enterprise = set `domain`).
Restore api_key-empty → provider-drop. Update default config, docs, and tests.
Diffstat (limited to 'src/subcommand.zig')
| -rw-r--r-- | src/subcommand.zig | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/subcommand.zig b/src/subcommand.zig index b145d4b..bb46941 100644 --- a/src/subcommand.zig +++ b/src/subcommand.zig @@ -491,12 +491,22 @@ fn authLogin( defer panto.deinit(); const client = panto.httpClient(); + // The auth HTTP calls carry the identity headers of a provider that uses + // this session (e.g. Copilot's editor headers). 1:1 in practice; if no + // provider references it yet, send none. + const headers: []const panto.Header = blk: { + for (cfg.providers) |p| { + if (std.mem.eql(u8, p.auth_name, name)) break :blk p.extra_headers; + } + break :blk &.{}; + }; + var arena = std.heap.ArenaAllocator.init(allocator); defer arena.deinit(); const aa = arena.allocator(); var presenter = CliPresenter{ .io = io }; - const toks = panto.oauthLogin(aa, io, client, oauth, presenter.presenter()) catch |err| { + const toks = panto.oauthLogin(aa, io, client, oauth, presenter.presenter(), headers) catch |err| { try out.print("login failed: {t}\n", .{err}); return; }; @@ -508,7 +518,7 @@ fn authLogin( // immediately usable and we surface any exchange error during login. if (oauth.exchange) |exchange| { if (ts.access_token) |access| { - ts.exchange = panto.runExchange(aa, client, exchange, access) catch |err| blk: { + ts.exchange = panto.runExchange(aa, client, exchange, access, headers) catch |err| blk: { try out.print("note: token exchange failed ({t}); will retry on first use\n", .{err}); break :blk null; }; |
