CodeCow/stack
1
0
Fork 0
mirror of https://github.com/stack-auth/stack.git synced 2026-06-21 21:09:49 +08:00
Code Issues Actions 29 Packages Projects Releases Wiki Activity
f04a396650
stack/docs/public/stack-auth-cli-template.py
Aman Ganapathy 21c5198255
chore(cli-auth): publishable key no longer required for cli auth (#1590) 
<!-- This is an auto-generated description by cubic. -->
## Summary by cubic
CLI authentication no longer requires a publishable client key. Login
works with only a project ID; pass `publishable_client_key` only if the
project has `requirePublishableClientKey` enabled.

- **New Features**
- In `stack-auth-cli-template.py`, `publishable_client_key` is optional;
requests send `x-hexclave-project-id` and `x-hexclave-access-type:
client`, and include `x-hexclave-publishable-client-key` only when
provided.
- Updated docs and generated prompts to remove the key from examples and
explain when it’s needed.

- **Migration**
- No changes required; existing calls that pass `publishable_client_key`
still work.
- You can remove the argument from `prompt_cli_login(...)` unless your
project requires it.

<sup>Written for commit 1f0e66ee74.
Summary will update on new commits.</sup>

<a
href="https://cubic.dev/pr/hexclave/hexclave/pull/1590?utm_source=github"
target="_blank" rel="noopener noreferrer"
data-no-image-dialog="true"><picture><source
media="(prefers-color-scheme: dark)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"><source
media="(prefers-color-scheme: light)"
srcset="https://www.cubic.dev/buttons/review-in-cubic-light.svg"><img
alt="Review in cubic"
src="https://www.cubic.dev/buttons/review-in-cubic-dark.svg"></picture></a>

<!-- End of auto-generated description by cubic. -->
2026-06-12 10:12:27 -07:00

59 lines
1.8 KiB
Python
Raw Blame History

import time
import requests
import webbrowser
import urllib.parse
from typing import Optional
def prompt_cli_login(
*,
base_url: str = "https://api.stack-auth.com",
app_url: str,
project_id: str,
publishable_client_key: Optional[str] = None,
):
if not app_url:
raise Exception("app_url is required and must be set to the URL of the app you're authenticating with")
if not project_id:
raise Exception("project_id is required")
def post(endpoint, json):
headers = {
'Content-Type': 'application/json',
'x-hexclave-project-id': project_id,
'x-hexclave-access-type': 'client',
}
if publishable_client_key is not None:
headers['x-hexclave-publishable-client-key'] = publishable_client_key
return requests.request(
'POST',
f'{base_url}{endpoint}',
headers=headers,
json=json,
)
# Step 1: Initiate the CLI auth process
init = post('/api/v1/auth/cli', {
'expires_in_millis': 10 * 60 * 1000,
})
if init.status_code != 200:
raise Exception(f"Failed to initiate CLI auth: {init.status_code} {init.text}")
polling_code = init.json()['polling_code']
login_code = init.json()['login_code']
# Step 2: Open the browser for the user to authenticate
url = f'{app_url}/handler/cli-auth-confirm?login_code={urllib.parse.quote(login_code)}'
print(f"Opening browser to authenticate. If it doesn't open automatically, please visit:\n{url}")
webbrowser.open(url)
# Step 3: Retrieve the token
while True:
status = post('/api/v1/auth/cli/poll', {
'polling_code': polling_code,
})
if status.status_code != 200 and status.status_code != 201:
raise Exception(f"Failed to get CLI auth status: {status.status_code} {status.text}")
if status.json()['status'] == 'success':
return status.json()['refresh_token']
time.sleep(2)
Reference in New Issue View Git Blame Copy Permalink