fix(auth): SAML login option + WSL browser open #1327
Draft
shreem26 wants to merge 2 commits into
The login menu only showed 2 options (password + browser) even when SAML was configured on the server. The saml_enabled field from /api/v1/config/public was never read by the CLI.

Now reads saml_enabled from the public config response and shows option [3] Sign in with SAML SSO when it is true. Routes through the same device authorization flow (user authenticates via SAML in the browser, CLI receives the token).

SPDX-FileCopyrightText: 2026 Shreem Seth <shreemseth26@gmail.com>
SPDX-License-Identifier: AGPL-3.0-only

On WSL, webbrowser.open() calls gio which prints 'Operation not supported' to the terminal since WSL has no native browser. On macOS, webbrowser.open() sometimes opens the wrong browser.

Replace with platform-specific subprocess calls:
- macOS: open <url>
- Linux (WSL): powershell.exe Start-Process <url>
- Linux (native): xdg-open <url>
- Windows: falls back to webbrowser.open()

All subprocess calls suppress stderr/stdout to avoid polluting the terminal output.

SPDX-FileCopyrightText: 2026 Shreem Seth <shreemseth26@gmail.com>
SPDX-License-Identifier: AGPL-3.0-only
Purpose

Fix two issues with observal auth login:
- gio: Operation not supported error on WSL

Approach

Fix 1: SAML login option missing

Problem: The login menu only showed 2 options (email/password + browser SSO) regardless of server SAML configuration. The saml_enabled field returned by GET /api/v1/config/public was never read by the CLI.

Fix: Read saml_enabled from the public config response. When true, display option [3] Sign in with SAML SSO. This routes through the same device authorization flow — the user authenticates via SAML in the browser and the CLI receives the token via polling.

Fix 2: Browser open error on WSL

Problem: webbrowser.open() on WSL calls gio (a Linux desktop tool) which fails with "Operation not supported" since WSL has no native browser. The error message is printed to the terminal, confusing users.

Fix: Replace webbrowser.open() with platform-aware subprocess calls:
- open <url>
- powershell.exe Start-Process <url> — opens in the Windows default browser
- xdg-open <url>
- webbrowser.open()

WSL detection uses wslpath -w / (returns 0 only on WSL). All subprocess calls suppress stderr/stdout to avoid terminal pollution.

How has this been tested

- saml_enabled: true in server config → option [3] appears
- saml_enabled: false → only options [1] and [2] shown
- powershell.exe without gio errors
- GET /api/v1/config/public returns saml_enabled field (confirmed via curl)
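
An added example, not code from this pull request or the project: one way to build the platform-specific opener commands described above so that the login URL is validated before it reaches a subprocess. The function names and the 5/15 second timeouts are hypothetical, and it assumes the URL may originate from the server's device authorization response.

```python
import platform
import subprocess
import webbrowser
from urllib.parse import urlsplit

QUIET = {"stdout": subprocess.DEVNULL, "stderr": subprocess.DEVNULL}

def is_safe_url(url: str) -> bool:
    """Accept only absolute http(s) URLs: ASCII, no quotes, whitespace or control characters."""
    # Non-ASCII is refused because PowerShell also treats typographic quotes as string delimiters.
    if not url.isascii() or any(c in "'\"`" or c.isspace() or not c.isprintable() for c in url):
        return False
    try:
        parts = urlsplit(url)
        return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:  # e.g. malformed IPv6 literal
        return False

def is_wsl() -> bool:
    """WSL check named in the PR description: `wslpath -w /` exits 0 only on WSL."""
    try:
        return subprocess.run(["wslpath", "-w", "/"], timeout=5, **QUIET).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False

def build_open_command(url: str, system: str, wsl: bool):
    """Return the opener argv for this platform, or None to fall back to webbrowser.open()."""
    if not is_safe_url(url):
        raise ValueError("refusing to open a non-http(s) or malformed URL")
    if system == "Darwin":
        return ["open", url]
    if system == "Linux" and wsl:
        # -Command text is parsed as PowerShell script, so the URL goes inside a
        # single-quoted literal: '&', ';' and '$' in a query string stay inert.
        return ["powershell.exe", "-NoProfile", "-Command", f"Start-Process '{url}'"]
    if system == "Linux":
        return ["xdg-open", url]
    return None

def open_login_url(url: str) -> bool:
    """Open the URL with the platform opener; argv lists are used, never a shell string."""
    system = platform.system()
    argv = build_open_command(url, system, system == "Linux" and is_wsl())
    if argv is None:
        return webbrowser.open(url)
    try:
        return subprocess.run(argv, timeout=15, **QUIET).returncode == 0
    except (OSError, subprocess.TimeoutExpired):
        return False
```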