Switch GitHub auth from PAT to OAuth and show landing page without login #10

Open
ThallesP wants to merge 2 commits into jeremyosih:main from ThallesP:main

ThallesP commented Mar 29, 2026

Summary

  • OAuth flow instead of PAT: Replaced the manual personal-access-token setup with a popup-based GitHub OAuth flow (using an OAuth App client ID Ov23livjmqBTVj8aRNhC). Users now click "Sign in with GitHub" and authorize via popup instead of generating and pasting a fine-grained PAT.
  • Landing page visible without auth: The landing page (with suggested/recent repos) is now shown to all visitors. Only repo and chat routes are gated behind AuthGate, so users can see what the app is before signing in.
  • Auth gate with clear permissions card: Protected routes show a card explaining exactly what's requested — read-only access to public repos, higher rate limits, no write permissions.
  • OAuth App token handling: parseTokenResponse now handles regular OAuth App responses (non-expiring tokens, no refresh token) instead of requiring GitHub App fields (refresh_token, expires_in).
  • Server-side token proxy: Added /api/github-token Nitro route that injects GITHUB_CLIENT_SECRET server-side for the OAuth token exchange.
  • Cleaned up PAT-era code: Removed GithubRepoNoTokenMeta component, validateGithubPersonalAccessToken, GITHUB_CREATE_PAT_URL, and the deleted github-token.test.ts. Updated rate-limit toast messages to no longer reference "Add token".

demo:
https://github.com/user-attachments/assets/4234bb88-ceeb-4fe1-ad8e-91f328294b58

Test plan

  • Existing tests pass (root-guard, bash-tool, github-fetch)
  • Visit landing page without being signed in — should see the full page with suggested repos
  • Click a repo link — should see the "Sign in required" card with bullet points
  • Sign in via OAuth popup — should redirect back and unlock repo/chat routes
  • Verify rate-limit toast messages no longer mention "Add token"
  • Verify Settings > GitHub shows connect/disconnect instead of PAT input

🤖 Generated with Claude Code

took the time to publish just-github onto npm so we can separate it from here
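
An added example, not code from this PR, showing the two pieces the summary describes: a server-side exchange body that takes only an allowlisted set of browser fields, and a token parser that accepts both OAuth App and GitHub App response shapes. The type and function names are hypothetical; the response fields are the ones GitHub's token endpoint documents.

```typescript
// Added example, not code from this PR. Response fields follow GitHub's
// documented token endpoint; type and function names are hypothetical.
type GithubToken = {
  accessToken: string;
  scopes: string[];            // empty list = no scopes granted (public read-only)
  expiresAt: number | null;    // epoch ms; null for non-expiring OAuth App tokens
  refreshToken: string | null; // only present for expiring user tokens
};

// The only browser-supplied fields the proxy forwards to GitHub.
const FORWARDED_FIELDS = ["code", "redirect_uri"] as const;

// Build the exchange body server-side. A client_id or client_secret sent by
// the browser is dropped; the server's own values are the only ones used.
function buildExchangeBody(
  clientInput: Record<string, unknown>,
  clientId: string,
  clientSecret: string,
): Record<string, string> {
  const body: Record<string, string> = {};
  for (const field of FORWARDED_FIELDS) {
    const value = clientInput[field];
    if (typeof value === "string" && value !== "") body[field] = value;
  }
  if (!("code" in body)) throw new Error("missing authorization code");
  body["client_id"] = clientId;
  body["client_secret"] = clientSecret;
  return body;
}

// Accept both response shapes; reject error bodies, which GitHub sends with HTTP 200.
function parseTokenResponse(raw: unknown, now: number = Date.now()): GithubToken {
  if (typeof raw !== "object" || raw === null) throw new Error("response is not an object");
  const r = raw as Record<string, unknown>;
  const error = r["error"];
  if (typeof error === "string") throw new Error(`token exchange failed: ${error}`);
  const accessToken = r["access_token"];
  if (typeof accessToken !== "string" || accessToken === "") throw new Error("no access_token");
  const scope = r["scope"];
  const expiresIn = r["expires_in"];
  const refreshToken = r["refresh_token"];
  return {
    accessToken,
    scopes: typeof scope === "string" && scope !== "" ? scope.split(",") : [],
    expiresAt: typeof expiresIn === "number" ? now + expiresIn * 1000 : null,
    refreshToken: typeof refreshToken === "string" ? refreshToken : null,
  };
}
```

Checking `scopes` against an empty list after sign-in is one way to confirm the grant matches the read-only promise on the permissions card.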

ThallesP and others added 2 commits March 29, 2026 15:06
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the manual personal-access-token flow with a popup OAuth flow
using the OAuth App client ID. The landing page is now visible without
auth, with an AuthGate blocking repo/chat routes until sign-in.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

vercel Bot commented Mar 29, 2026

@ThallesP is attempting to deploy a commit to the personal Team on Vercel.

A member of the Team first needs to authorize it.


vercel Bot commented Mar 30, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project: gitinspect
Deployment: Ready
Actions: Preview, Comment
Updated (UTC): Mar 30, 2026 3:57pm
