Skip to content

Use auth code flow#3398

Merged
byronkarlen merged 3 commits intomainfrom
wbk/oauth-code-flow
Feb 13, 2026
Merged

Use auth code flow#3398
byronkarlen merged 3 commits intomainfrom
wbk/oauth-code-flow

Conversation

@byronkarlen
Copy link
Contributor

@byronkarlen byronkarlen commented Feb 12, 2026
edited
Loading

Why

Browser-based login should get a code and then exchange that code for a session_secret.

How

Used new auth flow provided by website/www. Uses state, code_challenge and code_verifier like OAuth 2.1.

Test Plan

Tested locally against expo.test with https://github.com/expo/universe/pull/24960
Made sure:

  • works when user already logged in and selects existing account
  • works when user already logged in and wants to log into another account
  • works when user not already logged in
  • the new flow is used
  • errors with token exchange would be handled properly

Tested against expo.dev as well. Tried to test SSO but was hard since our stub-idp doesn't save state/users.

@codecov
Copy link

codecov bot commented Feb 12, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 10.81081% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 52.26%. Comparing base (13a6356) to head (4b6aafd).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...es/eas-cli/src/user/expoBrowserAuthFlowLauncher.ts 10.82% 33 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3398      +/-   ##
==========================================
- Coverage   52.30%   52.26%   -0.03%     
==========================================
  Files         804      804              
  Lines       33421    33450      +29     
  Branches     6972     6975       +3     
==========================================
+ Hits        17478    17480       +2     
- Misses      14555    15885    +1330     
+ Partials     1388       85    -1303

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@byronkarlen byronkarlen marked this pull request as ready for review February 12, 2026 21:17
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

Subscribed to pull request

File Patterns Mentions
**/* @douglowder

Generated by CodeMention

tchayen
tchayen reviewed Feb 12, 2026
View reviewed changes
CHANGELOG.md Outdated

### 🎉 New features

- Use authorization code flow with PKCE for browser-based login. ([#XXXX](https://github.com/expo/eas-cli/pull/XXXX) by [@byronkarlen](https://github.com/byronkarlen))
Copy link
Member

@tchayen tchayen Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

XXXX?

Copy link
Contributor Author

@byronkarlen byronkarlen Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whoops thank you! (geez claude)

@github-actions
Copy link

github-actions bot commented Feb 12, 2026

✅ Thank you for adding the changelog entry!

@byronkarlen byronkarlen merged commit 1604b7b into main Feb 13, 2026
13 of 14 checks passed
@byronkarlen byronkarlen deleted the wbk/oauth-code-flow branch February 13, 2026 01:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tchayen tchayen tchayen approved these changes

@davidko604 davidko604 Awaiting requested review from davidko604

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@byronkarlen @tchayen