feat(login): standardize all sign-ins on the device-code flow#995
Open
codyde wants to merge 1 commit into
Open
feat(login): standardize all sign-ins on the device-code flow#995codyde wants to merge 1 commit into
codyde wants to merge 1 commit into
Conversation
`railway login` (and the implicit sign-in from an unauthenticated `railway up`) now always use the OAuth device-code flow instead of auto-opening a browser when a local display is reachable. Transport was an environment/UX choice orthogonal to who is signing in — agent vs human is tracked via `caller` on both paths — so routing every sign-in through one transport removes the display-detection branch and the flaky `open()` fallback, and makes behavior identical across desktop, SSH, CI, and agent harnesses. - `login_transport()` always returns `DeviceCode`; `--browserless` is now a no-op, kept for backward compatibility with scripts. - New telemetry reason `default_device_code` marks sessions that would previously have taken the browser path; `env_ci`/`env_ssh`/ `no_display`/`flag_browserless` are still recorded. - The browser machinery (browser_login + localhost callback server) is retained as runtime-unreachable code so this can be reverted by restoring `login_transport`'s body; the now-unconstructed `AuthTransport::Browser` is `#[allow(dead_code)]`. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
railway login— and the implicit sign-in triggered by an unauthenticatedrailway up— now always use the OAuth device-code flow, instead of auto-opening a browser when a local display is reachable. The CLI prints a one-click sign-in link (plus a short code) that the human completes in a browser on any device.Why
While reconciling agentic-signup dashboards, transport (
browservsdevice_code) turned out to be an environment/UX choice, orthogonal to who is signing in. Agent-vs-human is already tracked viacalleron both transports, so transport was never the agent signal. Standardizing on one flow:is_likely_headless) and the flakyopen()fallback,Trade-off worth watching: browser was historically the higher-converting path for watched desktop sessions, and it's the bulk of current CLI signups. This PR is meant to try that trade-out — the existing
cliAuthEventTracktelemetry (transport,outcome,transportReason,caller) lets us compare new-signup completion before/after.Changes
exec_context::login_transport()always returnsDeviceCode. It's the single policy function both explicit login and implicitupauth route through, so both are covered.--browserlessis now a no-op, kept for backward compatibility with scripts. It still differentiates telemetry (flag_browserless).transport_reasonvaluedefault_device_codemarks sessions that would previously have taken the browser path;env_ci/env_ssh/no_display/flag_browserlessare still recorded so we can see how sessions would have routed under the old logic. (Passes the backend's^[a-z_]{1,32}$label validation.)browser_login+ localhost callback server + success page) is retained as runtime-unreachable code so this is trivially reverted by restoringlogin_transport's body. The now-unconstructedAuthTransport::Browservariant is#[allow(dead_code)].exec_contexttruth-table tests and the user-facing docstrings.Testing
cargo test exec_context— 12/12 pass.cargo check— clean, no warnings.Revert
Restore the original
login_transportbody (if browserless || !self.browser_reachable { DeviceCode } else { Browser }) and the variant annotation; everything else is comments/tests.🤖 Generated with Claude Code