Skip to content

feat: add optional JWT-based authentication for cloud deployment#163

Open
vanpelt wants to merge 1 commit intomainfrom
feature/auth
Open

feat: add optional JWT-based authentication for cloud deployment#163
vanpelt wants to merge 1 commit intomainfrom
feature/auth

Conversation

@vanpelt
Copy link
Collaborator

@vanpelt vanpelt commented Aug 14, 2025

Implements comprehensive authentication system controlled by CATNIP_AUTH_SECRET environment variable:

Backend (Go/Fiber):

  • Add JWT middleware with HMAC-SHA256 signing for secure token validation
  • Support multiple auth methods: Bearer tokens, cookies, and query parameters
  • Add token exchange endpoint for seamless CLI-to-browser handoff
  • Update CORS headers to support Authorization header
  • Enhance settings endpoint to indicate auth requirements

Frontend (React/TypeScript):

  • Auto-detect and exchange CLI tokens for long-lived session cookies
  • Clean token from URL after successful exchange
  • Update auth context to handle new authentication flow
  • Graceful fallback for token exchange failures

CLI Integration:

  • Generate short-lived tokens (5 min) automatically when opening browser
  • Seamless handoff from CLI to browser with query parameter tokens
  • No user interaction required for authentication flow

Key Features:

  • Optional: Only active when CATNIP_AUTH_SECRET is set
  • Secure: HMAC-SHA256 signed JWTs with configurable expiration
  • Flexible: CLI tokens (5 min) exchanged for browser sessions (7 days)
  • Clean: Automatic URL cleanup after token exchange
  • Compatible: Maintains existing GitHub auth integration

🤖 Generated with Claude Code

@claude
feat: add optional JWT-based authentication for cloud deployment
5a0cc05 
Implements comprehensive authentication system controlled by CATNIP_AUTH_SECRET environment variable:

Backend (Go/Fiber):
- Add JWT middleware with HMAC-SHA256 signing for secure token validation
- Support multiple auth methods: Bearer tokens, cookies, and query parameters
- Add token exchange endpoint for seamless CLI-to-browser handoff
- Update CORS headers to support Authorization header
- Enhance settings endpoint to indicate auth requirements

Frontend (React/TypeScript):
- Auto-detect and exchange CLI tokens for long-lived session cookies
- Clean token from URL after successful exchange
- Update auth context to handle new authentication flow
- Graceful fallback for token exchange failures

CLI Integration:
- Generate short-lived tokens (5 min) automatically when opening browser
- Seamless handoff from CLI to browser with query parameter tokens
- No user interaction required for authentication flow

Key Features:
- Optional: Only active when CATNIP_AUTH_SECRET is set
- Secure: HMAC-SHA256 signed JWTs with configurable expiration
- Flexible: CLI tokens (5 min) exchanged for browser sessions (7 days)
- Clean: Automatic URL cleanup after token exchange
- Compatible: Maintains existing GitHub auth integration

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vanpelt @claude