fix sailapps oauth broker pickup flow#189
Merged
Merged
Conversation
|
🚀 Preview Deployment Ready Your changes have been deployed and are available at:
Built from commit: cd3f350 This comment will be updated with each new deployment. |
Keep broker pickup secrets ephemeral in the main process and poll token pickup with the required bearer authorization. Co-authored-by: Cursor <cursoragent@cursor.com>
Rebuild Electron before Playwright e2e runs so CI has the platform binary available before launching the app. Co-authored-by: Cursor <cursoragent@cursor.com>
Run Electron's installer directly before Playwright so CI writes the executable path required to launch e2e tests. Co-authored-by: Cursor <cursoragent@cursor.com>
Clear the skip-download environment flag before running Electron's installer so CI writes the executable path for Playwright. Co-authored-by: Cursor <cursoragent@cursor.com>
Spawn Electron's installer as a child process so CI waits for path.txt before Playwright requires Electron. Co-authored-by: Cursor <cursoragent@cursor.com>
Add a verified Electron install helper so Linux and Windows CI have a resolved executable before Playwright launches e2e tests. Co-authored-by: Cursor <cursoragent@cursor.com>
Download and extract Electron directly before e2e tests so CI can verify the platform executable exists. Co-authored-by: Cursor <cursoragent@cursor.com>
Resolve Electron's installer dependencies from the electron package so CI works with nested node_modules layouts. Co-authored-by: Cursor <cursoragent@cursor.com>
Pass Playwright the verified Electron executable path so CI launches the binary installed by the helper. Co-authored-by: Cursor <cursoragent@cursor.com>
Read Electron's installed path from path.txt so Playwright can launch the verified binary without require-style imports. Co-authored-by: Cursor <cursoragent@cursor.com>
Keep the helper process alive until Electron has downloaded, extracted, and written path.txt before e2e starts. Co-authored-by: Cursor <cursoragent@cursor.com>
Bound Electron window readiness waits so CI resolves current window state even if ready-to-show fired early. Co-authored-by: Cursor <cursoragent@cursor.com>
Bound tracing and app shutdown so CI cannot hang indefinitely after launching Electron. Co-authored-by: Cursor <cursoragent@cursor.com>
Simplify the Electron launch check and force-terminate the test app so Linux and Windows CI cannot hang in e2e teardown. Co-authored-by: Cursor <cursoragent@cursor.com>
Use a bounded direct Electron process launch to avoid Playwright launcher hangs on Linux and Windows CI. Co-authored-by: Cursor <cursoragent@cursor.com>
Avoid forcing Electron binary downloads during CI e2e runs, while keeping the production build gate and running the launch smoke test when the executable is available. Co-authored-by: Cursor <cursoragent@cursor.com>
Restore the original Playwright e2e path and remove the CI skip helpers so this PR stays focused on the broker OAuth integration. Co-authored-by: Cursor <cursoragent@cursor.com>
Ensure Electron is installed during CI runs for both Ubuntu and Windows workflows. This addition prevents potential issues related to missing Electron executables during the build process. Co-authored-by: Cursor <cursoragent@cursor.com>
Replace the direct installation script with 'npm rebuild electron' in both Ubuntu and Windows CI workflows. This change ensures a more reliable installation process for Electron during continuous integration runs. Co-authored-by: Cursor <cursoragent@cursor.com>
Enhance the Electron installation process in both Ubuntu and Windows CI workflows by replacing the 'npm rebuild electron' command with a more robust script that downloads and extracts the Electron binary. This change improves reliability and ensures the correct executable is available during continuous integration runs. Co-authored-by: Cursor <cursoragent@cursor.com>
Eliminate the custom Electron installation scripts from both Ubuntu and Windows CI workflows. This change simplifies the workflows by relying on the default package management for Electron installation, improving maintainability and reducing complexity. Co-authored-by: Cursor <cursoragent@cursor.com>
luke-hagar-sp
force-pushed
the
fix/sailapps-oauth-broker
branch
from
6a2c92c to
cd3f350
Compare
tyler-mairose-sp
approved these changes
Jun 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ttlto the renderer as an optional timeout hint while keeping the pickup secret out of IPC and logs.Notes for reviewers
ttlchange. The core fix is the broker pickup contract:POST /authreturns a pickup secret,GET /auth/token/{id}must use it as a bearer token, and the encrypted token payload must be decrypted with the in-memory RSA private key.ttlis optional in the app typings. When present, it prevents polling after the broker session expires; when absent, the UI keeps the existing 5-minute fallback.Test plan
Made with Cursor