Skip to content

feat: Add set-token and refresh CLI commands for auth management#848

Merged
chubes4 merged 2 commits intomainfrom
feat/auth-cli-set-token-refresh
Mar 18, 2026
Merged

feat: Add set-token and refresh CLI commands for auth management#848
chubes4 merged 2 commits intomainfrom
feat/auth-cli-set-token-refresh

Conversation

@chubes4
Copy link
Member

@chubes4 chubes4 commented Mar 18, 2026

Summary

New CLI Commands

Command Purpose
wp datamachine auth set-token <provider> Manually inject a token + account data
wp datamachine auth refresh <provider> Force token refresh for a single provider
wp datamachine auth refresh-all Batch refresh all authenticated OAuth2 providers

set-token examples

# Set with individual flags
wp datamachine auth set-token linkedin --token=AQUvlL... --expires=1720000000 --user-id=abc123

# Set from full JSON (migration from another plugin)
wp datamachine auth set-token twitter --json='{"access_token":"...", "user_id":"123", "username":"chubes"}'

# Minimal
wp datamachine auth set-token reddit --token=eyJhbGciOi...

refresh examples

wp datamachine auth refresh linkedin
wp datamachine auth refresh-all

Existing Commands (unchanged)

Command Purpose
status [provider] Show all providers or detailed single-provider status
connect <provider> Start OAuth flow or save direct credentials
disconnect <provider> Clear stored account data
config <provider> View/save API credentials (client_id, client_secret)

Architecture

Both new commands route through abilities, consistent with the abilities-first pattern:

CLI (set-token) → AuthAbilities::executeSetAuthToken()
                    → provider->save_account()
                    → provider->schedule_proactive_refresh()

CLI (refresh)   → AuthAbilities::executeRefreshAuth()
                    → provider->get_valid_access_token()

Why Core

Auth management is a core concern — BaseAuthProvider, BaseOAuth2Provider, AuthAbilities, and the OAuth2Handler all live in core. By adding these commands here, every consumer (socials, email, analytics, future extensions) gets headless auth management for free.

@chubes4
feat: add set-token and refresh CLI commands for auth management
dd9bc77 
Add two new abilities and three new CLI subcommands to the core auth
system, enabling fully headless authentication management:

Abilities (AuthAbilities.php):
- datamachine/set-auth-token: Manually inject access_token + account
  data into any provider. Validates access_token is present, sanitizes
  input, and schedules proactive refresh if supported.
- datamachine/refresh-auth: Force token refresh via get_valid_access_token().
  Returns new expiry timestamp on success.

CLI (AuthCommand.php):
- set-token: Inject credentials via --token/--json flags with optional
  --refresh-token, --expires, --user-id, --username. Supports both
  flag-based and full JSON input for migration scenarios.
- refresh: Force refresh a single provider's token.
- refresh-all: Batch refresh all authenticated OAuth2 providers with
  per-provider success/failure reporting.

These complete the auth CLI surface so agents, CI pipelines, and
headless environments can manage auth without browser OAuth flows.
Existing commands (status, connect, disconnect, config) are unchanged.
@github-actions
Copy link

github-actions bot commented Mar 18, 2026
edited
Loading

Homeboy Results — data-machine

Lint

⚡ Scope: changed files only

lint (changed files only)

Test

Failure Digest

Test Failure Digest

Autofixability classification

  • Overall: human_needed
  • Autofix enabled: no
  • Autofix attempted this run: no
  • Human-needed failed commands:
    • test
  • Failed commands with available automated fixes:
    • test
  • Automated fixes are disabled for this step. Commands with available fix support in this run: test

Machine-readable artifacts

  • homeboy-lint-summary.json
  • homeboy-test-failures.json
  • homeboy-audit-summary.json
  • homeboy-autofixability.json

⚡ Scope: changed files only

test (changed files only)

Audit

⚡ Scope: changed files only

audit (changed files only)

Tooling versions
  • Homeboy CLI: homeboy 0.81.1+dffa0b05
  • Extension: wordpress from https://github.com/Extra-Chill/homeboy-extensions
  • Extension revision: unknown
  • Action: Extra-Chill/homeboy-action@v1

Homeboy Action v1

@chubes4
refactor: make Auth REST API a thin wrapper over abilities
37d34f5 
Move list-providers business logic from Auth.php REST handler into
AuthAbilities as executeListProviders() with a registered
datamachine/list-auth-providers ability.

Auth.php changes:
- handle_list_providers() now delegates to ability (was inline logic)
- Add handle_set_token() endpoint: PUT /auth/{slug}/token
- Add handle_refresh() endpoint: POST /auth/{slug}/refresh
- Extract shared ability_to_response() helper for consistent error
  mapping (replaces per-handler strpos chains)
- Extract handler_slug_args() to DRY route arg definitions
- All handlers are now thin: parse request → call ability → format response

No business logic remains in the REST layer.
@chubes4 chubes4 merged commit 8c6b8ee into main Mar 18, 2026
2 of 3 checks passed
@chubes4 chubes4 deleted the feat/auth-cli-set-token-refresh branch March 18, 2026 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CLI: Add auth management commands for all platforms

1 participant

@chubes4