feat(auth): open OAuth URL in default browser automatically#875
Conversation
gws auth login now attempts to launch the default browser with the OAuth URL (open on macOS, xdg-open on Linux, rundll32 on Windows). When no opener is available the existing copy-paste flow is unchanged.
🦋 Changeset detectedLatest commit: a653b04 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request enhances the 'gws auth login' command by automating the browser-based authentication flow. By detecting the host operating system and spawning a detached process to open the OAuth URL, the CLI reduces manual user effort while preserving the original copy-paste workflow as a robust fallback. The implementation includes strict URL validation and comprehensive unit testing to ensure security and cross-platform compatibility. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
There was a problem hiding this comment.
Code Review
This pull request introduces automatic browser opening for the OAuth login flow in gws auth login across macOS, Linux, and Windows, falling back to the manual copy-paste flow if opening fails. A new browser module is added to handle platform-specific browser spawning and URL validation. Feedback suggests improving URL validation by checking for dangerous Unicode characters (Format category Cf) in addition to standard control characters.
char::is_control() only covers the Cc category, so zero-width chars and bidi overrides (Cf) passed the opener URL validation. Reuse the existing google_workspace::validate::is_dangerous_unicode helper.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces automatic browser opening for the OAuth login flow in gws auth login across macOS, Linux, and Windows, falling back to the manual copy-paste flow if needed. The feedback recommends strengthening the URL validation in is_openable_url to explicitly reject shell metacharacters, quotes, and backslashes to prevent potential injection or parsing issues in external openers, and suggests adding corresponding test cases to verify these security checks.
Some openers forward their argument through a shell (xdg-open wrapper scripts) and rundll32 mis-parses quotes, so explicitly reject " ' \ ; $ | ` < > before handing the URL to the opener. Properly percent-encoded OAuth URLs never contain these characters.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request implements automatic browser opening for the gws auth login command across macOS, Linux, and Windows platforms, falling back to the manual copy-paste flow if needed. It introduces a new browser module to validate URLs and spawn detached processes safely. The review feedback points out an inconsistency in referencing the validate module, suggesting the use of crate::validate instead of google_workspace::validate to prevent potential compilation issues.
…-export The CLI crate consistently uses the crate::validate shim (39 call sites) rather than the google_workspace library path.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces automatic browser opening for the OAuth login flow on macOS, Linux, and Windows, falling back to manual copy-paste if it fails. It includes URL validation to prevent command injection. The review feedback recommends replacing rundll32 with explorer on Windows to avoid enterprise security blocks (LOLBIN detection) and updating the corresponding unit tests.
rundll32 url.dll,FileProtocolHandler is a well-known LOLBIN technique that EDR agents and WDAC policies commonly block or flag, which would make the login flow fail silently in enterprise environments. Spawning explorer.exe directly keeps the no-cmd-reparsing property while using a binary that cannot be blocked without breaking the OS GUI.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces automatic browser opening for the gws auth login command. It adds a new browser module that handles platform-specific commands (open on macOS, xdg-open on Linux, and explorer on Windows) to safely open the OAuth URL, falling back to the manual copy-paste flow if it fails. The URL is validated to ensure it is a secure HTTPS address and free of dangerous characters before launching. I have no feedback to provide.
Description
gws auth logincurrently prints the OAuth URL and requires the user to copy-paste it into a browser manually. This PR makes the CLI attempt to open the URL in the default browser automatically, falling back to the existing copy-paste flow when no opener is available.crates/google-workspace-cli/src/browser.rswith a best-efforttry_open_browser():openxdg-openexplorer(avoidscmd /C start, which re-parses&inside URLs, andrundll32 url.dll,FileProtocolHandler, a LOLBIN technique commonly blocked by EDR/WDAC policies)auth_commands.rs(login_with_proxy_supportandCliFlowDelegate::present_user_url). The URL is still always printed, so headless/SSH environments keep working unchanged.https://URLs without whitespace, control characters, dangerous Unicode (Cfcategory), or quote/shell metacharacters are handed to the opener (defense-in-depth per the input-safety guidelines in AGENTS.md).Dry Run Output:
// Not applicable — this change affects the auth login flow, not API request construction.Checklist:
AGENTS.mdguidelines (no generatedgoogle-*crates).cargo fmt --allto format the code perfectly.cargo clippy -- -D warningsand resolved all warnings. (One pre-existingclippy::collapsible_matchwarning incrates/google-workspace-cli/src/helpers/script.rs:173appears with clippy 1.96 on unmodifiedmainas well; it is unrelated to this change and left untouched.)pnpx changeset) to document my changes.🤖 Generated with Claude Code