feat: add GitHub Device Authorization Grant (CLI auth) to GithubLoginHandler#1510
Open
Mukesh-M-Lohar wants to merge 4 commits into
Open
feat: add GitHub Device Authorization Grant (CLI auth) to GithubLoginHandler#1510Mukesh-M-Lohar wants to merge 4 commits into
Mukesh-M-Lohar wants to merge 4 commits into
Conversation
…Handler - POST /login: requests device_code + user_code from GitHub (RFC 8628) - GET /login?device_code=…: polls for token; 202 while pending, 302 on success - Existing web OAuth flow (GET /login, GET /login?code=…) unchanged - Added _OAUTH_DEVICE_CODE_URL and _device_poll() to GithubLoginHandler - 4 new unit tests covering device flow branches - docs: document device auth subsection and FLOWER_GITHUB_OAUTH_DOMAIN env var
Author
|
@auvipy could you review this PR |
Author
|
Hi! I have implemented the GitHub Device Authorization Grant (CLI auth) flow and updated the unit tests/documentation. All 10 unit tests are passing successfully locally. Could a maintainer please approve the workflow run so that the CI checks can verify? Thank you! |
dev-shubhamverma990
approved these changes
Jun 30, 2026
Sanjaykolpady
approved these changes
Jun 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for the GitHub Device Authorization Grant (RFC 8628) directly inside the existing
GithubLoginHandler, enabling CLI / browserless authentication without a separate handler class.This is particularly useful when building custom integrations like Model Context Protocol (MCP) servers, allowing headless CLI environments to securely authenticate and access the tasks API.
Also documents the
FLOWER_GITHUB_OAUTH_DOMAINenvironment variable which partially addresses #1308 (GitHub Enterprise Server support).How to Test
Setup
Configure
flowerconfig.pywith GitHub OAuth details and start Flower:Steps
Request Device Code (POST):
Expected Response: JSON containing
device_code,user_code,verification_uri.Authorize Device:
Go to the
verification_uriin your browser and enter theuser_code.Poll for Auth status (GET):
Query the polling endpoint:
curl -i "http://localhost:5555/login?device_code=<device_code>"202 Accepted(authorization_pending).302 FoundwithLocation: /and sets the session cookie.Changes
flower/views/auth.py_OAUTH_DEVICE_CODE_URLclass attributepost()— device flow step 1: requestsdevice_code+user_codefrom GitHub, returns JSON_device_poll()— device flow step 2: polls for access token, returns202while pending,302on successGET /login,GET /login?code=…) is unchangedtests/unit/views/test_auth.pydocs/auth.rstFLOWER_GITHUB_OAUTH_DOMAINenvironment variable in the GitHub OAuth section (relates to OAuth2 workflow does not work with Github Enterprise Servers. #1308)No breaking changes
The existing OAuth web flow behaviour is fully preserved.