feat(devtools): add Frigg Authenticator CLI tool #523
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add `frigg auth` command for testing API module authentication flows without deploying full Frigg infrastructure. Features: - OAuth2 authentication with local callback server - API-Key authentication support - Credential persistence to .frigg-credentials.json - Comprehensive testing of all requiredAuthMethods Commands: - `frigg auth test <module>` - Test authentication flow - `frigg auth list` - List saved credentials - `frigg auth get <module>` - Retrieve credentials - `frigg auth delete [module]` - Remove credentials
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
![graphite-app[bot]](https://avatars.githubusercontent.com/in/158384?s=60&v=4){kind=small}
API-Key modules with `getAuthorizationRequirements` now render an interactive CLI form instead of requiring the `--api-key` flag. The form: - Displays title from jsonSchema.title - Shows help text from ui:help before each field - Masks password fields (ui:widget: 'password') with * - Validates required fields - Supports multi-field forms (e.g., company ID, public key, private key) The `--api-key` flag still works and takes precedence over the form. Files added: - json-schema-form.js - Renders JSON Schema as CLI prompts using @inquirer/prompts Files modified: - api-key-flow.js - Calls getAuthorizationRequirements when no --api-key provided - index.js - Removed hard requirement for --api-key flag - README.md, CLAUDE.md, SKILL.md - Documentation updates
- Remove sample API call step (testAuthRequest is authoritative) - Fix credentials saved under CLI arg instead of actual module name - Remove --no-browser option (always open browser for OAuth)
Comment on lines
+24
to
+35
| // Extract API key from form data - try common field names | ||
| apiKey = formData.apiKey || formData.api_key || | ||
| formData.access_token || formData.token; | ||
|
|
||
| // If still no API key found, use the first value from the form | ||
| if (!apiKey && Object.keys(formData).length > 0) { | ||
| apiKey = Object.values(formData)[0]; | ||
| } | ||
|
|
||
| if (!apiKey) { | ||
| throw new Error('No API key provided in form'); | ||
| } |
There was a problem hiding this comment.
Critical bug: Multi-field authentication forms lose data. The code extracts only a single field as apiKey from formData, discarding all other fields. For modules like ConnectWise (documented in README) that require multiple fields (companyId, publicKey, privateKey, siteUrl), only one field will be extracted and the rest will be lost.
When setAuthParams is called later (lines 61-66), it only receives the single extracted apiKey value, not the complete formData object. This breaks multi-field authentication flows.
Fix: Pass the entire formData object to setAuthParams instead of extracting a single field:
if (!apiKey) {
if (definition.requiredAuthMethods?.getAuthorizationRequirements) {
const tempApi = new ApiClass({ ...definition.env });
const authReqs = definition.requiredAuthMethods.getAuthorizationRequirements(tempApi);
if (authReqs?.data?.jsonSchema) {
formData = await renderJsonSchemaForm(
authReqs.data.jsonSchema,
authReqs.data.uiSchema
);
// For backwards compatibility, try to extract a single API key
apiKey = formData.apiKey || formData.api_key ||
formData.access_token || formData.token;
}
}
// ...
}
// Later at line 61-66, pass formData:
if (definition.requiredAuthMethods?.setAuthParams) {
await definition.requiredAuthMethods.setAuthParams(api, formData || {
apiKey,
data: { apiKey, api_key: apiKey, access_token: apiKey }
});
apiKeySet = true;
}Spotted by Graphite Agent
Is this helpful? React 👍 or 👎 to let us know.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds
frigg authcommand for testing API module authentication flows without deploying full Frigg infrastructure. This enables API module developers to quickly validate OAuth2 and API-Key authentication during development.Demo
🎥 Watch the demo
Features
.frigg-credentials.json(auto-added to.gitignore)requiredAuthMethods:testAuthRequest- Verify authentication worksgetEntityDetails- Validate entity consistency post-authgetCredentialDetails- Verify credential structureapiPropertiesToPersistverification (credential + entity properties)Interactive JSON Schema Forms for API-Key Modules
API-Key modules with
getAuthorizationRequirementsrender interactive CLI forms:Form features:
jsonSchema.titleui:helpbefore each fieldui:widget: 'password') with*The
--api-keyflag still works and bypasses the form.Commands
Test Plan
requiredAuthMethodsvalidated post-auth