Add GitHub OAuth sign-in flow

[jonmartin721]

Description

Replace the manual personal access token setup with a GitHub OAuth device flow across onboarding and settings, then update storage so auth and larger repo lists are handled more cleanly.

Changes

• replace PAT entry with GitHub device flow helpers, encrypted auth session storage, and updated auth/error handling across onboarding, options, popup, and API calls
• move watched repositories to local storage with a sync-storage fallback and migration path so larger repo lists do not hit sync storage limits
• update the affected tests and validation scripts so linting, typechecking, coverage, and builds run cleanly on the branch

Testing

• npm run lint
• npm run typecheck
• npm test -- --runInBand
• npm run build
• npm run validate

Screenshots

• Not included

Checklist

• Tests pass
• Code follows style guidelines
• Documentation updated if needed
• No new warnings or errors

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the user experience and security by transitioning the GitHub authentication method from Personal Access Tokens to the GitHub OAuth device flow. This change simplifies the initial setup and ongoing management of GitHub connections within the extension. Additionally, the storage mechanism for watched repositories has been optimized to prevent quota limitations, ensuring smoother operation for users with extensive monitoring needs. The updates also include comprehensive adjustments to the user interface, error messaging, and documentation to reflect these core improvements.

Highlights

• GitHub OAuth Device Flow Integration: Replaced the manual Personal Access Token (PAT) setup with a more secure and user-friendly GitHub OAuth device flow for authentication across onboarding and settings. This streamlines the connection process for users.
• Watched Repository Storage Optimization: Migrated the storage of watched repositories from Chrome's sync storage to local storage, with a fallback and migration path. This change addresses potential sync quota issues for users with larger lists of monitored repositories.
• Enhanced Authentication Handling: Updated error handling and UI states related to authentication, providing clearer messages for expired or revoked GitHub connections and guiding users to reconnect.
• Documentation and Test Coverage Updates: Refreshed privacy policy, README, and security documentation to reflect the new OAuth authentication method and storage changes. New tests were added for the OAuth flow, and existing tests were updated to align with the new storage and authentication mechanisms.
• New OAuth Module: Introduced a new shared/auth.js module to encapsulate all GitHub OAuth device flow logic, including requesting device codes, polling for access tokens, and managing user sessions.

Changelog

• PRIVACY.md
  • Updated authentication method from 'GitHub Personal Access Token' to 'GitHub OAuth Session'.
  • Clarified that the OAuth session is created via the built-in device-flow sign-in.
  • Adjusted descriptions of data storage and API authentication to refer to GitHub connection and OAuth access token.
• README.md
  • Updated 'Guided Setup' to mention GitHub sign-in flow instead of token creation.
  • Revised 'GitHub Token Permissions' to 'GitHub Sign-In Permissions', detailing OAuth scopes (repo, read:user).
  • Changed first-time setup step from 'Create a GitHub token' to 'Connect your GitHub account'.
  • Updated 'Settings Page' description to refer to 'GitHub connection' instead of 'GitHub token'.
  • Modified 'Privacy & Security Notes' to mention 'GitHub auth session' encryption.
• SECURITY.md
  • Updated security concerns from 'Token leakage' to 'OAuth session leakage'.
  • Renamed 'Token Storage' section to 'GitHub Sign-In Storage' and updated content to refer to 'GitHub auth sessions'.
  • Modified 'API Security' to specify 'OAuth access tokens' in headers.
• background.js
  • Updated import of storage-helpers.js to include getAccessToken and getWatchedRepos.
  • Replaced getToken() with getAccessToken() for fetching the GitHub token.
  • Changed watchedRepos retrieval from getSyncItems to getWatchedRepos().
  • Updated warning message for missing GitHub token to 'No GitHub connection found'.
  • Modified authentication error message for 401 status to reflect GitHub sign-in expiration/revocation.
• manifest.json
  • Added https://github.com/* to host_permissions to support the OAuth device flow.
  • Updated content_security_policy to include https://github.com for connect-src.
• options/controllers/export-import-controller.js
  • Imported getWatchedRepos and setWatchedRepos from storage-helpers.js.
  • Modified exportSettings to retrieve watchedRepos using getWatchedRepos() instead of syncData.watchedRepos.
  • Updated import confirmation message to refer to 'GitHub connection' instead of 'GitHub token'.
  • Modified handleImportFile to use setWatchedRepos() for watched repositories instead of chrome.storage.sync.set.
• options/controllers/import-controller.js
  • Imported STORAGE_CONFIG, getAccessToken, getSyncItem, and setWatchedRepos.
  • Added helper functions getRepoFullName, normalizeImportedRepo for consistent repo handling.
  • Replaced getToken() with getAccessToken() for API calls.
  • Updated logic for alreadyAdded repos to use getRepoFullName.
  • Modified error message for 401 status from 'Invalid GitHub token' to 'GitHub sign-in expired or was revoked'.
  • Added UI updates for select all checkbox, selected count, and confirm button state in closeImportModal.
  • Implemented logic in importSelectedRepos to handle unique repos, check for repository limits, and use setWatchedRepos for persistence.
• options/controllers/token-controller.js
  • Replaced createHeaders and clearToken imports with completeGitHubDeviceAuth, clearAuthSession, getAuthSession, setAuthSession, and OAUTH_CONFIG.
  • Introduced setRepoAccessState, setDeviceCode, and setStatus helper functions for UI management.
  • Refactored clearToken to use clearAuthSession and update UI via applyStoredConnection.
  • Removed validateToken function and its related logic.
  • Implemented connectGitHub to initiate and complete the OAuth device flow, handling UI updates and error messages.
  • Added getDisconnectHelpUrl to provide a link to GitHub's authorized applications settings.
• options/options.css
  • Added new CSS classes for .auth-button-row, #deviceCodeSection, .device-code-label, and styling for the device code input field.
• options/options.html
  • Updated the 'Create a GitHub Token' section to 'Connect GitHub', replacing the PAT input with buttons for connecting/disconnecting and a display for the device code.
  • Revised help text and info boxes to reflect OAuth session security and permissions.
  • Updated 'Add New Repository' section's help text to refer to 'Connect GitHub'.
  • Modified 'Reset to Defaults' description to mention 'GitHub connection' instead of 'GitHub token'.
  • Updated 'Import/Export Settings' note to refer to 'GitHub connection' security.
• options/options.js
  • Updated imports from storage-helpers.js to use getAuthSession, getAccessToken, getWatchedRepos, and setWatchedRepos.
  • Replaced clearToken and validateToken imports with applyStoredConnection, clearToken, and connectGitHub from token-controller.js.
  • Changed persistedToken state variable to persistedSession.
  • Modified syncTokenUiWithStoredCredential to handle the new OAuth UI elements and states.
  • Added event listener for the new 'connectGitHubBtn'.
  • Removed the input event listener for the old githubToken field and its associated token validation logic.
  • Updated importSelectedRepos callback to use getWatchedRepos() for state update and added error handling.
  • Modified loadSettings to retrieve authSession and watchedRepos using new helpers, and apply connection state via applyStoredConnection.
  • Updated addRepo and removeRepo to use setWatchedRepos for persistence.
  • Changed validateRepo to use getAccessToken and updated error message for no GitHub connection.
  • Removed validateToken from module exports.
  • Updated resetSettings confirmation message to refer to 'GitHub connection'.
• popup/popup.css
  • Added new CSS classes .token-code-stack, .token-copy-hint, and .copy-code-btn for styling the device code input and copy button.
  • Added media queries for responsive styling of token input group.
• popup/popup.js
  • Updated import of storage-helpers.js to include getWatchedRepos.
  • Modified updateRepoCount to use getWatchedRepos() instead of chrome.storage.sync.get.
• popup/views/onboarding-view.js
  • Imported new OAuth-related functions (createGitHubAuthSession, fetchGitHubUser, openGitHubDevicePage, pollForGitHubAccessToken, requestGitHubDeviceCode) and updated storage helpers.
  • Added copyTextToClipboard utility function.
  • Introduced createPendingDeviceAuthState, getPendingDeviceCodeData, and persistConnectedTokenState for managing OAuth device flow state.
  • Implemented completePendingDeviceAuth to handle polling and session persistence.
  • Refactored renderTokenStep to display OAuth device flow instructions, device code input, and connect/copy buttons.
  • Updated security message in renderTokenStep to refer to 'GitHub sign-in session'.
  • Removed old token validation logic and tokenInput event listener from setupOnboardingStepListeners.
  • Refactored setupTokenStepListeners to initiate OAuth device flow, handle user code display, copy functionality, and poll for access token.
  • Added logic to resume pending device authentication if the popup was closed.
  • Updated error messages for various OAuth failure scenarios.
  • Modified attachRepoButtonListeners and setupReposStepListeners to use getAccessToken and setWatchedRepos.
  • Updated handleNextStep for the 'token' step to check for validated OAuth session instead of PAT presence.
• shared/auth.js
  • Added new file auth.js to encapsulate all GitHub OAuth device flow logic.
  • Includes functions for getStorageValue, buildFormBody, getOAuthHeaders, parseOAuthResponse, createOAuthError, waitFor, normalizeScopes, getScopeString, isConfiguredClientId, getGitHubOAuthClientId, requireGitHubOAuthClientId.
  • Exports createOAuthHeaders, createGitHubAuthSession, requestGitHubDeviceCode, openGitHubDevicePage, pollForGitHubAccessToken, fetchGitHubUser, and completeGitHubDeviceAuth.
• shared/config.js
  • Added OAUTH_CONFIG object with GitHub OAuth client ID, scopes, and endpoint URLs.
  • Updated ERROR_MESSAGES for authentication failures to be more specific to GitHub sign-in expiration/revocation.
  • Removed GITHUB_TOKEN pattern from VALIDATION_PATTERNS.
  • Added OAUTH to the main CONFIG export.
• shared/crypto-utils.js
  • Updated JSDoc comments to refer to 'auth session storage' instead of 'token storage'.
• shared/error-handler.js
  • Updated ERROR_TYPES.AUTHENTICATION message and action to reflect GitHub sign-in needs.
  • Expanded classifyError to include 'sign-in', 'revoked', 'unauthorized', and 'expired' in authentication error detection.
• shared/github-api.js
  • Updated JSDoc for createHeaders to refer to 'GitHub access token'.
  • Changed Authorization header from token ${token} to Bearer ${token}.
  • Modified 401 error message in handleApiResponse to 'GitHub sign-in expired or was revoked'.
• shared/onboarding.js
  • Updated import to use getAccessToken and createHeaders.
  • Modified getPopularRepos to use getAccessToken for authentication headers.
  • Removed getGitHubTokenUrl function.
• shared/repository-validator.js
  • Updated JSDoc for validateRepository and validateRepositoryEnhanced to refer to 'GitHub access token'.
  • Modified 401 error message in validateRepository to 'GitHub sign-in expired or was revoked'.
• shared/state-manager.js
  • Updated imports to include getWatchedRepos and setWatchedRepos.
  • Modified loadState to retrieve watchedRepos using getWatchedRepos().
  • Updated persistState to use setWatchedRepos() when watchedRepos are updated.
• shared/storage-helpers.js
  • Added constants AUTH_SESSION_CACHE_KEY, AUTH_SESSION_STORAGE_KEY, and WATCHED_REPOS_STORAGE_KEY.
  • Introduced clearLegacySyncWatchedRepos to remove old watchedRepos from sync storage.
  • Implemented getWatchedRepos to retrieve watched repositories from local storage with a fallback/migration from sync storage.
  • Implemented setWatchedRepos to persist watched repositories in local storage.
  • Refactored getToken, setToken, clearToken into getAuthSession, setAuthSession, clearAuthSession to handle full OAuth sessions.
  • Added getAccessToken to extract the access token from the stored auth session.
  • Modified getSettings and updateSettings to use getWatchedRepos and setWatchedRepos.
• tests/auth.test.js
  • Added new test file auth.test.js to test GitHub OAuth helper functions.
  • Includes tests for requesting device codes, opening verification pages, polling for access tokens, and fetching authenticated user data.
• tests/background.test.js
  • Updated mocks for chrome.storage.session.get to expect githubAuthSession instead of githubToken.
  • Updated mocks for chrome.storage.local.get to expect encryptedGithubAuthSession instead of githubToken.
• tests/error-handler.test.js
  • Updated expected user-friendly error messages for authentication to reflect 'GitHub Sign-In Needed' and 'expired or was revoked'.
• tests/export-import-controller.test.js
  • Updated mocks to include getWatchedRepos and setWatchedRepos.
  • Modified tests to assert calls to getWatchedRepos and setWatchedRepos instead of direct chrome.storage.sync manipulation for watched repos.
  • Adjusted expected export/import data structure to reflect watchedRepos being handled separately.
• tests/github-api.test.js
  • Updated expected Authorization header format from token to Bearer.
  • Modified expected error message for 401 status to 'GitHub sign-in expired or was revoked'.
• tests/import-controller.test.js
  • Updated mocks to use getAccessToken, getSyncItem, and setWatchedRepos.
  • Modified tests to reflect the new authentication flow and watched repo storage.
  • Added tests for handling repository limits during import and ensuring watched repos are not mutated on storage write failures.
• tests/onboarding.test.js
  • Updated mocks for chrome.storage.local to include remove method.
  • Modified renderTokenStep to include githubOAuthClientId in local storage and updated initial token data.
  • Added mocks for navigator.clipboard.writeText.
  • Refactored tests for token persistence and getPopularRepos to align with OAuth session handling.
  • Updated tests for renderOnboardingStep to check for device codes and connected status, and to test copy functionality.
  • Added tests for various OAuth device flow scenarios, including sign-in initiation, cancellation, and errors.
• tests/options-main.test.js
  • Updated DOM structure in beforeEach to match new OAuth UI elements (connectGitHubBtn, deviceCodeSection).
  • Added mock for chrome.tabs.create.
  • Modified tests for syncTokenUiWithStoredCredential to reflect new UI states and button texts.
  • Refactored loadSettings tests to handle authSession instead of githubToken.
  • Updated setupEventListeners tests to simulate OAuth device flow initiation and session storage.
• tests/options-token-controller.test.js
  • Updated mocks to use completeGitHubDeviceAuth, clearAuthSession, getAuthSession, and setAuthSession.
  • Refactored tests to cover applyStoredConnection, clearToken, and connectGitHub functions, aligning with the new OAuth flow.
• tests/options.test.js
  • Updated mocks for chrome.storage.sync.get and chrome.storage.session.get to reflect changes in storage keys and values (e.g., githubAuthSession).
  • Modified validateRepo tests to expect 'GitHub sign-in expired or was revoked' error message.
• tests/phase1.test.js
  • Updated expected error messages for authentication to 'GitHub sign-in expired or was revoked' and 'GitHub Sign-In Needed'.
• tests/repository-validator.test.js
  • Updated expected error message for 401 status to 'GitHub sign-in expired or was revoked'.
• tests/storage-helpers.test.js
  • Added mockSessionStorage and updated global.chrome.storage mocks to include session storage.
  • Refactored tests for token handling to cover getAuthSession, setAuthSession, clearAuthSession, and getAccessToken.
  • Added tests for getWatchedRepos and setWatchedRepos, including migration logic from sync to local storage.

Activity

• The pull request introduces a significant architectural change by moving from PAT-based authentication to GitHub OAuth device flow.
• The author noted that npm test -- --runInBand fails in tests/options-main.test.js because a test still expects #clearTokenBtn to be visible after connect, and in tests/state-manager.test.js due to a missing getWatchedRepos export in a mock.
• Linting (npm run lint) and typechecking (npm run typecheck) also failed locally for the author due to module resolution issues, indicating potential setup or configuration challenges.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request is a significant and well-executed refactoring that replaces the personal access token (PAT) authentication with a more secure and user-friendly GitHub OAuth device flow. The changes are extensive, touching documentation, background scripts, UI components, and storage logic. The introduction of a dedicated auth.js module for the device flow is a great architectural choice. Additionally, migrating the watchedRepos from sync to local storage is a thoughtful improvement for handling larger repository lists. The code is generally of high quality. I've included a few suggestions to improve maintainability by removing some redundant UI visibility logic.

[gemini-code-assist]

The code uses both classList.toggle('hidden', ...) and style.display = ... to control the visibility of the importSection. The .hidden class in options.css already sets display: none;, making the direct manipulation of style.display redundant. This redundancy can make styling harder to debug and maintain. If the implementation of the .hidden class changes in the future (e.g., to use visibility), this code might break. It's better to rely solely on adding/removing the class for managing visibility.

Suggested change

	importSection.classList.toggle('hidden', !isConnected);
	importSection.style.display = isConnected ? 'block' : 'none';
	importSection.classList.toggle('hidden', !isConnected);

[gemini-code-assist]

Similar to the handling of importSection, the visibility of deviceCodeSection is controlled using both classList.toggle and a direct style.display assignment. This is redundant and can lead to maintenance issues. Relying on just the CSS class is a cleaner and more maintainable approach.

Suggested change

	deviceCodeSection.classList.toggle('hidden', !userCode);
	deviceCodeSection.style.display = userCode ? 'block' : 'none';
	deviceCodeSection.classList.toggle('hidden', !userCode);

[gemini-code-assist]

The syncTokenUiWithStoredCredential function uses both classList.toggle and a direct style.display assignment to manage the visibility of the import section. This is redundant since the .hidden class already handles the display property. To improve maintainability and rely on a single source of truth for styling (the CSS class), it's better to only use class manipulation.

Suggested change

	importSection.classList.toggle('hidden', !hasStoredToken);
	importSection.style.display = hasStoredToken ? 'block' : 'none';
	importSection.classList.toggle('hidden', !hasStoredToken);

[gemini-code-assist]

Code Review

This pull request is a significant and well-executed improvement, replacing the manual personal access token flow with a much cleaner GitHub OAuth device flow. The related changes to storage, UI, and documentation are thorough and consistent. My review includes a couple of suggestions to refactor small areas of duplicated code and simplify data flow, which will enhance the long-term maintainability of the new options page logic.

[gemini-code-assist]

This function's logic is duplicated in applyStoredConnection within options/controllers/token-controller.js. To improve maintainability and reduce code duplication, you can replace the call to syncTokenUiWithStoredCredential(false) in loadSettings with applyStoredConnection(null) and then remove this function entirely.

[gemini-code-assist]

This line mutates the watchedRepos array in-place. However, the calling code in options.js provides a callback that immediately re-fetches the repositories from storage, overwriting this change. This makes the in-place mutation redundant. Removing this line would simplify the function by making the data flow more explicit and avoiding an unnecessary side-effect.

[sentry]

Codecov Report

❌ Patch coverage is 76.76768% with 92 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
popup/views/onboarding-view.js	64.65%	41 Missing ⚠️
shared/auth.js	82.41%	16 Missing ⚠️
options/options.js	47.82%	12 Missing ⚠️
shared/storage-helpers.js	79.16%	10 Missing ⚠️
options/controllers/token-controller.js	89.33%	8 Missing ⚠️
options/controllers/import-controller.js	92.00%	2 Missing ⚠️
background.js	80.00%	1 Missing ⚠️
popup/popup.js	0.00%	1 Missing ⚠️
shared/state-manager.js	80.00%	1 Missing ⚠️

📢 Thoughts on this report? Let us know!

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 040192e020

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Allow configured OAuth client ID to pass validation

getGitHubOAuthClientId() falls back to OAUTH_CONFIG.CLIENT_ID when no storage override exists, but isConfiguredClientId() rejects any value equal to OAUTH_CONFIG.CLIENT_ID. As written, requireGitHubOAuthClientId() will always throw client_id_missing unless a different ID is manually written into chrome.storage, so the new GitHub device sign-in flow cannot start in a normal install.

Useful? React with 👍 / 👎.