Add explicit Section 0 auth finish command

2026-06-08 09:54:21 -07:00
parent 2eeb236214
commit ef463785da
1 changed files with 35 additions and 0 deletions
--- a/scripts/setup-section0-docs.sh
+++ b/scripts/setup-section0-docs.sh
@@ -48,6 +48,7 @@ section0-docs - helper for Section 0 shared Markdown docs

 Commands:
  auth login  open Authentik and install Git credentials
+  auth finish finish login from a printed device code
  auth status show current saved login
  configure set Git author name/email for this repo
  doctor    check clone, author, remote, and read access
@@ -61,6 +62,7 @@ Commands:

 Examples:
  section0-docs auth login
+  section0-docs auth finish DEVICE_CODE
  section0-docs auth status
  section0-docs doctor
  section0-docs configure
@@ -135,6 +137,10 @@ auth_login() {
  }
  echo "Opening Authentik login:"
  echo "  \$auth_url"
+  echo "Device code:"
+  echo "  \$code"
+  echo "Token check:"
+  echo "  \$SERVER_URL/device/\$code/token"
  open_url "\$auth_url"
  echo "Waiting for login..."
  token_json=""
@@ -155,8 +161,34 @@ auth_login() {
  printf "\n"
  [ -n "\${access_token:-}" ] || {
    echo "timed out waiting for Authentik login" >&2
+    echo "If the browser says login succeeded, run:" >&2
+    echo "  section0-docs auth finish \$code" >&2
    exit 1
  }
+  complete_login "\$token_json" "\$access_token"
+}
+
+auth_finish() {
+  need_python
+  mkdir -p "\$SESSION_DIR"
+  code="\${1:-}"
+  [ -n "\$code" ] || {
+    echo "usage: section0-docs auth finish DEVICE_CODE" >&2
+    exit 1
+  }
+  token_json="\$(http_json "\$SERVER_URL/device/\$code/token")"
+  access_token="\$(printf "%s" "\$token_json" | json_get accessToken 2>/dev/null || true)"
+  [ -n "\$access_token" ] || {
+    echo "No completed login token for code: \$code" >&2
+    printf "%s\n" "\$token_json" >&2
+    exit 1
+  }
+  complete_login "\$token_json" "\$access_token"
+}
+
+complete_login() {
+  token_json="\$1"
+  access_token="\$2"
  echo "Login accepted; requesting Section 0 Git access..."
  access_json="\$(http_json -X POST -H "Authorization: Bearer \$access_token" "\$SERVER_URL/section0/git/access")"
  ok="\$(printf "%s" "\$access_json" | json_get ok)"
@@ -203,6 +235,9 @@ case "\${1:-help}" in
      login)
        auth_login
        ;;
+      finish)
+        auth_finish "\${3:-}"
+        ;;
      status)
        if [ -f "\$SESSION_PATH" ]; then
          cat "\$SESSION_PATH"