Skip to content

feat: implement OAuth2 interactive login and user info fetching#474

Merged
Soner (shyim) merged 3 commits intomainfrom
oauth2-flow
Mar 13, 2026
Merged

feat: implement OAuth2 interactive login and user info fetching#474
Soner (shyim) merged 3 commits intomainfrom
oauth2-flow

Conversation

@shyim
Copy link
Member

@shyim Soner (shyim) commented Feb 13, 2025
edited
Loading

Staging

OIDCEndpoint = "https://auth-api.shopware.in"
OIDCClientID = "def413d7-4c4e-439f-8b51-74c352436b2f"

ApiUrl = "https://next-api.shopware.com"

Production

OIDCEndpoint = "https://auth-api.shopware.com"
OIDCClientID = "069d0a55-5237-4706-a5c9-7cb1a45f1e81"

ApiUrl = "https://api.shopware.com"

Fixes #896

@shyim Soner (shyim) marked this pull request as ready for review March 13, 2026 06:52
Copilot AI review requested due to automatic review settings March 13, 2026 06:52
Copilot AI reviewed Mar 13, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds OAuth2/OIDC-based interactive login (with PKCE + localhost callback) and switches account API base URLs to support staging vs production, while removing the legacy file-based credential config.

Changes:

  • Introduce interactive OAuth2 login flow and OIDC environment-based endpoint selection (staging vs prod).
  • Update account-api requests to use a dynamic API base URL helper and standard http.Method* constants.
  • Remove legacy config module/tests and stop persisting email/password in config.

Reviewed changes

Copilot reviewed 19 out of 20 changed files in this pull request and generated 8 comments.

Show a summary per file
File Description
internal/system/browser.go Adds cross-platform helper to open the login URL in the default browser.
internal/account-api/oauth2.go Implements interactive OAuth2 login via localhost callback, PKCE, and browser launch.
internal/account-api/oidc.go Adds staging/prod endpoint + client ID + API URL selection.
internal/account-api/client.go Supports OAuth2 token + legacy token cache formats; updates auth header logic and logging.
internal/account-api/login.go Reworks login: token cache → env credentials (legacy) → interactive OAuth2.
internal/account-api/producer*.go, updates.go Switch to getApiUrl() and http.Method* for requests.
cmd/root.go, cmd/account/* Removes config dependency and updates login/logout commands for OAuth2 flow.
internal/config/* Removes legacy credential config implementation and associated testdata/tests.
.golangci.yml Disables forbidigo linter for internal/account-api/*.
.claude/worktrees/twinkling-stargazing-neumann Adds a Claude worktree pointer file to the repo.
go.mod, go.sum Drops github.com/caarlos0/env/v9 dependency.
Comments suppressed due to low confidence (1)

.claude/worktrees/twinkling-stargazing-neumann:1

  • This adds a tool/worktree pointer file that appears unrelated to the OAuth2 login feature and may be environment-specific. Consider removing it from the PR and/or adding an appropriate .gitignore rule if these files are not intended to be versioned.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

@shyim Soner (shyim) merged commit 527bc01 into main Mar 13, 2026
3 checks passed
@shyim Soner (shyim) deleted the oauth2-flow branch March 13, 2026 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@shyim Soner (shyim)

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Shopware Account] Allow OAuth login and old login at same time

2 participants

@shyim