Commit f9c4f70
Support OAuth2 client credentials in 'spice cloud login' (spiceai#10586)
* support OAuth2 client credentials in 'spice cloud login'
* fix: address lint and security review issues in cloud login OAuth2 flow
- Fix doc comment missing backticks on OAuth2 in client.rs
- Replace fragile base_url string replace with oauth_base_url() helper
that correctly handles both api.spice.ai and {env}-api.spice.ai hosts
- Redact client_secret in LoginArgs Debug impl to prevent accidental leakage
* formatting
* fix: add backticks to doc comments for clippy::doc_markdown
* fix: remove Debug derive from OAuth types containing secrets
OAuthTokenRequest contains client_secret and OAuthTokenResponse contains
access_token; deriving Debug risks accidental credential disclosure.
* feat(cloud): enhance login methods and OAuth token handling
* feat(cloud): update login methods and enhance documentation for cloud login command
Co-authored-by: Copilot <copilot@github.com>
* fix(docs): adjust formatting in cloud login documentation table
* feat(cloud): improve login handling and add tests for login methods
* fix(cloud): correct documentation formatting and improve item selection handling in login prompt
* docs(cloud-login): apply review feedback fixes
- Remove `spice cloud login token` and `spice cloud login client` alias
examples, since the corresponding Clap subcommands do not declare aliases.
- Reconcile the OAuth host resolution section with the wire formats: the
exchange polling endpoint (`/v1/auth/device/exchange`) uses the API base
URL, not the non-API OAuth host.
- Replace "fifth method" with "another method" since the doc currently
describes three methods.
Addresses copilot review feedback.
* fix(cloud-login): resolve env vars in chooser path
The chooser path constructs PatLoginArgs / ApiLoginArgs with all fields set
to None, bypassing Clap's env-var resolution. Users with SPICE_CLOUD_PAT,
SPICE_CLOUD_CLIENT_ID, or SPICE_CLOUD_CLIENT_SECRET set were prompted
interactively even when the env vars contained valid values.
`resolve_string_or_prompt_with_terminal` now falls back to reading the
configured env var directly before prompting, so chooser-based PAT/API
logins respect env configuration consistently with the explicit-method
paths. Adds a unit test exercising the env-var fallback.
Addresses copilot review feedback.
* style: collapse nested if to satisfy clippy::collapsible_if
Combines the env-var read and non-empty check into a single
`if let && condition` form to match the repo's clippy::pedantic config.
---------
Co-authored-by: Luke Kim <80174+lukekim@users.noreply.github.com>
Co-authored-by: Copilot <copilot@github.com>
Co-authored-by: claudespice <claude@spice.ai>1 parent 3068bb6 commit f9c4f70
6 files changed
Lines changed: 935 additions & 38 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
44 | 44 | | |
45 | 45 | | |
46 | 46 | | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
47 | 52 | | |
48 | 53 | | |
49 | 54 | | |
| |||
68 | 73 | | |
69 | 74 | | |
70 | 75 | | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
71 | 101 | | |
72 | 102 | | |
73 | 103 | | |
| |||
0 commit comments