Summary
Implement lattice auth login using the OAuth 2.0 device flow so the CLI can access Lattice app APIs with user identity.
Details
The forkzero/auth service already provides:
- Device flow endpoints (
POST /api/v1/device/authorize, POST /api/v1/device/token)
- Rust SDK with device flow support (
crates/forkzero-auth)
UX
$ lattice auth login
→ Visit https://id-dev.forkzero.com/device and enter code: ABCD-1234
→ Waiting for authorization... ✓
→ Logged in as george@forkzero.com
Implementation
- Add
lattice auth login subcommand
- Call device/authorize to get
user_code, device_code, verification_uri
- Display URL + code, optionally open browser
- Poll device/token until approved (handle
authorization_pending, slow_down, expired_token)
- Cache token locally (e.g.
~/.lattice/credentials.json) with refresh token
- Add
lattice auth logout to clear cached credentials
- Add
lattice auth status to show current auth state
Dependencies
- forkzero/auth#10 —
lattice-app client needs device_code grant type enabled
Also needed (in this repo)
- Token storage — cache access/refresh token locally, auto-refresh on expiry
- API key fallback — check
LATTICE_API_KEY env var before requiring OAuth login (for CI/automation)
🤖 Generated with Claude Code
Summary
Implement
lattice auth loginusing the OAuth 2.0 device flow so the CLI can access Lattice app APIs with user identity.Details
The forkzero/auth service already provides:
POST /api/v1/device/authorize,POST /api/v1/device/token)crates/forkzero-auth)UX
Implementation
lattice auth loginsubcommanduser_code,device_code,verification_uriauthorization_pending,slow_down,expired_token)~/.lattice/credentials.json) with refresh tokenlattice auth logoutto clear cached credentialslattice auth statusto show current auth stateDependencies
lattice-appclient needs device_code grant type enabledAlso needed (in this repo)
LATTICE_API_KEYenv var before requiring OAuth login (for CI/automation)🤖 Generated with Claude Code