Implement QR login flow in auth package

rusq · rusq · commit a11b322d5a5e · 2025-11-23T22:18:12.000+10:00
diff --git a/auth/auth_ui/auth_ui.go b/auth/auth_ui/auth_ui.go
@@ -11,6 +11,8 @@ const (
 	LHeadless
 	// LUserBrowser is the google auth option
 	LUserBrowser
+	// LMobileSignin allows to sign in using QR Code
+	LMobileSignin
 	// LCancel should be returned if the user cancels the login intent.
 	LCancel
 )
diff --git a/auth/auth_ui/huh.go b/auth/auth_ui/huh.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"regexp"
 	"strconv"
+	"strings"
 
 	"github.com/charmbracelet/bubbles/key"
 	"github.com/charmbracelet/huh"
@@ -65,22 +66,27 @@ func (m methodMenuItem) String() string {
 	return fmt.Sprintf("%-20s - %s", m.MenuItem, m.ShortDesc)
 }
 
-var methods = []methodMenuItem{
+var gMethods = []methodMenuItem{
 	{
 		"Interactive",
 		"Works with most authentication schemes, except Google.",
 		LInteractive,
 	},
 	{
 		"Automatic",
-		"Only suitable for email/password auth",
+		"Only suitable for email/password auth.",
 		LHeadless,
 	},
 	{
 		"User Browser",
-		"Loads your user profile, works with Google Auth",
+		"Loads your user profile, works with Google Auth.",
 		LUserBrowser,
 	},
+	{
+		"QR Code",
+		"Login using Sign in on Mobile QR code, works with Google Auth.",
+		LMobileSignin,
+	},
 }
 
 type LoginOpts struct {
@@ -95,15 +101,15 @@ func init() {
 	keymap.Quit = key.NewBinding(key.WithKeys("esc", "ctrl+c"), key.WithHelp("esc", "Quit"))
 }
 
-func (*Huh) RequestLoginType(ctx context.Context, w io.Writer, workspace string) (LoginOpts, error) {
+func (*Huh) RequestLoginType(ctx context.Context, _ io.Writer, workspace string) (LoginOpts, error) {
 	ret := LoginOpts{
 		Workspace:   workspace,
 		Type:        LInteractive,
 		BrowserPath: "",
 	}
 
-	opts := make([]huh.Option[LoginType], 0, len(methods))
-	for _, m := range methods {
+	opts := make([]huh.Option[LoginType], 0, len(gMethods))
+	for _, m := range gMethods {
 		opts = append(opts, huh.NewOption(m.String(), m.Type))
 	}
 	opts = append(opts,
@@ -139,6 +145,8 @@ func (*Huh) RequestLoginType(ctx context.Context, w io.Writer, workspace string)
 				return "You will be prompted to enter your email and password, login is automated."
 			case LUserBrowser:
 				return "System browser will open on a Slack Login page."
+			case LMobileSignin:
+				return "Sign in using 'Sign in on Mobile' QR code."
 			case LCancel:
 				return "Cancel the login process."
 			default:
@@ -226,3 +234,35 @@ func valSixDigits(s string) error {
 	}
 	return nil
 }
+
+const (
+	maxEncImgSz = 7000
+	imgPrefix   = "data:image/png;base64,"
+)
+
+func (*Huh) RequestQR(ctx context.Context, _ io.Writer) (string, error) {
+	const description = `In logged in Slack Client or Web:
+  1. click the username in the upper left corner;
+  2. choose 'Sign in on mobile';
+  3. right-click the QR code image;
+  4. choose Copy Image.`
+	var imageData string
+	q := huh.NewForm(huh.NewGroup(
+		huh.NewText().
+			CharLimit(maxEncImgSz).
+			Value(&imageData).
+			Validate(func(s string) error {
+				if !strings.HasPrefix(s, imgPrefix) {
+					return errors.New("image data must start with " + imgPrefix)
+				}
+				return nil
+			}).
+			Placeholder(imgPrefix + "...").
+			Title("Paste QR code image data into this field").
+			Description(""),
+	))
+	if err := q.Run(); err != nil {
+		return "", err
+	}
+	return imageData, nil
+}
diff --git a/auth/rod.go b/auth/rod.go
@@ -73,6 +73,8 @@ type browserAuthUIExt interface {
 	// return it.  Callback function is called to indicate that the code is
 	// requested.
 	ConfirmationCode(email string) (code int, err error)
+	// RequestQR should request the URL-encoded png image and return it.
+	RequestQR(ctx context.Context, w io.Writer) (encImage string, err error)
 }
 
 // NewRODAuth constructs new RodAuth provider.
@@ -123,22 +125,22 @@ func NewRODAuth(ctx context.Context, opts ...Option) (RodAuth, error) {
 	lg := slog.Default()
 	t := time.Now()
 	var sp simpleProvider
+
 	switch resp.Type {
 	case auth_ui.LInteractive, auth_ui.LUserBrowser:
 		lg.InfoContext(ctx, "ℹ️ Initialising browser, once the browser appears, login as usual")
-		var err error
 		sp.Token, sp.Cookie, err = cl.Manual(ctx)
-		if err != nil {
-			return r, err
-		}
 	case auth_ui.LHeadless:
 		sp, err = headlessFlow(ctx, cl, resp.Workspace, r.opts.ui)
-		if err != nil {
-			return r, err
-		}
+	case auth_ui.LMobileSignin:
+		sp, err = qrFlow(ctx, cl, r.opts.ui)
 	case auth_ui.LCancel:
 		return r, ErrCancelled
 	}
+	if err != nil {
+		return r, err
+	}
+
 	lg.InfoContext(ctx, "✅ authenticated", "time_taken", time.Since(t).String())
 
 	return RodAuth{
@@ -167,3 +169,18 @@ func headlessFlow(ctx context.Context, cl *slackauth.Client, workspace string, u
 	}
 	return
 }
+
+func qrFlow(ctx context.Context, cl *slackauth.Client, ui browserAuthUIExt) (sp simpleProvider, err error) {
+	imageData, err := ui.RequestQR(ctx, os.Stdout)
+	if err != nil {
+		return sp, err
+	}
+	tok, cook, err := cl.QRAuth(ctx, imageData)
+	if err != nil {
+		return sp, err
+	}
+	return simpleProvider{
+		Token:  tok,
+		Cookie: cook,
+	}, nil
+}
diff --git a/go.mod b/go.mod
@@ -33,7 +33,7 @@ require (
 	github.com/rusq/osenv/v2 v2.0.1
 	github.com/rusq/rbubbles v0.0.2
 	github.com/rusq/slack v0.9.6-0.20250408103104-dd80d1b6337f
-	github.com/rusq/slackauth v0.6.1
+	github.com/rusq/slackauth v0.7.0
 	github.com/rusq/tagops v0.1.1
 	github.com/rusq/tracer v1.0.1
 	github.com/schollz/progressbar/v3 v3.18.0
@@ -55,13 +55,14 @@ require (
 	atomicgo.dev/schedule v0.1.0 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
+	github.com/caiguanhao/readqr v1.0.0 // indirect
 	github.com/catppuccin/go v0.3.0 // indirect
 	github.com/charmbracelet/colorprofile v0.3.3 // indirect
-	github.com/charmbracelet/x/ansi v0.11.0 // indirect
+	github.com/charmbracelet/x/ansi v0.11.1 // indirect
 	github.com/charmbracelet/x/cellbuf v0.0.14 // indirect
-	github.com/charmbracelet/x/exp/strings v0.0.0-20251110210702-903592506081 // indirect
+	github.com/charmbracelet/x/exp/strings v0.0.0-20251118172736-77d017256798 // indirect
 	github.com/charmbracelet/x/term v0.2.2 // indirect
-	github.com/clipperhouse/displaywidth v0.5.0 // indirect
+	github.com/clipperhouse/displaywidth v0.6.0 // indirect
 	github.com/clipperhouse/stringish v0.1.1 // indirect
 	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
@@ -109,6 +110,7 @@ require (
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	modernc.org/libc v1.66.6 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
diff --git a/go.sum b/go.sum
@@ -32,6 +32,8 @@ github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiE
 github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=
 github.com/aymanbagabas/go-udiff v0.3.1 h1:LV+qyBQ2pqe0u42ZsUEtPiCaUoqgA9gYRDs3vj1nolY=
 github.com/aymanbagabas/go-udiff v0.3.1/go.mod h1:G0fsKmG+P6ylD0r6N/KgQD/nWzgfnl8ZBcNLgcbrw8E=
+github.com/caiguanhao/readqr v1.0.0 h1:axynewywpUyqZxFjKPtEbr97PzSOMrJsfn9bKkp+22w=
+github.com/caiguanhao/readqr v1.0.0/go.mod h1:oaAqEl5Zt0XzeIJf7nCEzJFz4is8rfE+Vgiw8b07vMM=
 github.com/catppuccin/go v0.3.0 h1:d+0/YicIq+hSTo5oPuRi5kOpqkVA5tAsU6dNhvRu+aY=
 github.com/catppuccin/go v0.3.0/go.mod h1:8IHJuMGaUUjQM82qBrGNBv7LFq6JI3NnQCF6MOlZjpc=
 github.com/charmbracelet/bubbles v0.21.1-0.20250623103423-23b8fd6302d7 h1:JFgG/xnwFfbezlUnFMJy0nusZvytYysV4SCS2cYbvws=
@@ -48,6 +50,8 @@ github.com/charmbracelet/lipgloss v1.1.0 h1:vYXsiLHVkK7fp74RkV7b2kq9+zDLoEU4MZoF
 github.com/charmbracelet/lipgloss v1.1.0/go.mod h1:/6Q8FR2o+kj8rz4Dq0zQc3vYf7X+B0binUUBwA0aL30=
 github.com/charmbracelet/x/ansi v0.11.0 h1:uuIVK7GIplwX6UBIz8S2TF8nkr7xRlygSsBRjSJqIvA=
 github.com/charmbracelet/x/ansi v0.11.0/go.mod h1:uQt8bOrq/xgXjlGcFMc8U2WYbnxyjrKhnvTQluvfCaE=
+github.com/charmbracelet/x/ansi v0.11.1 h1:iXAC8SyMQDJgtcz9Jnw+HU8WMEctHzoTAETIeA3JXMk=
+github.com/charmbracelet/x/ansi v0.11.1/go.mod h1:M49wjzpIujwPceJ+t5w3qh2i87+HRtHohgb5iTyepL0=
 github.com/charmbracelet/x/cellbuf v0.0.14 h1:iUEMryGyFTelKW3THW4+FfPgi4fkmKnnaLOXuc+/Kj4=
 github.com/charmbracelet/x/cellbuf v0.0.14/go.mod h1:P447lJl49ywBbil/KjCk2HexGh4tEY9LH0/1QrZZ9rA=
 github.com/charmbracelet/x/conpty v0.1.0 h1:4zc8KaIcbiL4mghEON8D72agYtSeIgq8FSThSPQIb+U=
@@ -58,6 +62,8 @@ github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91 h1:payR
 github.com/charmbracelet/x/exp/golden v0.0.0-20241011142426-46044092ad91/go.mod h1:wDlXFlCrmJ8J+swcL/MnGUuYnqgQdW9rhSD61oNMb6U=
 github.com/charmbracelet/x/exp/strings v0.0.0-20251110210702-903592506081 h1:pTHy/fb1lG8MTw0FizbBQV9HHXEO2+MtPXkcE0S44nM=
 github.com/charmbracelet/x/exp/strings v0.0.0-20251110210702-903592506081/go.mod h1:/ehtMPNh9K4odGFkqYJKpIYyePhdp1hLBRvyY4bWkH8=
+github.com/charmbracelet/x/exp/strings v0.0.0-20251118172736-77d017256798 h1:g0RVaqkUdTikWLqrBdk2ZvJ9oTQOS0HZlYjYE8Tu7yg=
+github.com/charmbracelet/x/exp/strings v0.0.0-20251118172736-77d017256798/go.mod h1:/ehtMPNh9K4odGFkqYJKpIYyePhdp1hLBRvyY4bWkH8=
 github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk=
 github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
 github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8JawjaNZY=
@@ -68,6 +74,8 @@ github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7m
 github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY=
 github.com/clipperhouse/displaywidth v0.5.0 h1:AIG5vQaSL2EKqzt0M9JMnvNxOCRTKUc4vUnLWGgP89I=
 github.com/clipperhouse/displaywidth v0.5.0/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
+github.com/clipperhouse/displaywidth v0.6.0 h1:k32vueaksef9WIKCNcoqRNyKbyvkvkysNYnAWz2fN4s=
+github.com/clipperhouse/displaywidth v0.6.0/go.mod h1:R+kHuzaYWFkTm7xoMmK1lFydbci4X2CicfbGstSGg0o=
 github.com/clipperhouse/stringish v0.1.1 h1:+NSqMOr3GR6k1FdRhhnXrLfztGzuG+VuFDfatpWHKCs=
 github.com/clipperhouse/stringish v0.1.1/go.mod h1:v/WhFtE1q0ovMta2+m+UbpZ+2/HEXNWYXQgCt4hdOzA=
 github.com/clipperhouse/uax29/v2 v2.3.0 h1:SNdx9DVUqMoBuBoW3iLOj4FQv3dN5mDtuqwuhIGpJy4=
@@ -221,8 +229,8 @@ github.com/rusq/secure v0.0.4 h1:svpiZHfHnx89eEDCCFI9OXG1Y8hL9kUWUG6fJbrWUOI=
 github.com/rusq/secure v0.0.4/go.mod h1:F1QilMKreuFRjov0UY7DZSIXn77/8RqMVGu2zV0RtqY=
 github.com/rusq/slack v0.9.6-0.20250408103104-dd80d1b6337f h1:w4klfw1A3iZv5qWg1YHcRF2bJuRDV7aOpsF6sLLSs0A=
 github.com/rusq/slack v0.9.6-0.20250408103104-dd80d1b6337f/go.mod h1:gULX17QqyNX4BF001nHKlSe0uKYI+MAKiDQ7oi80BYI=
-github.com/rusq/slackauth v0.6.1 h1:s09G3WHSA1yz6H9dHT+Yo6DCZF34ClY31tQz849B++Q=
-github.com/rusq/slackauth v0.6.1/go.mod h1:wAtNCbeKH0pnaZnqJjG5RKY3e5BF9F2L/YTzhOjBIb0=
+github.com/rusq/slackauth v0.7.0 h1:BLqrehKIbs2z4exc38zXecganFrqgnJIJQnL+cYdoFY=
+github.com/rusq/slackauth v0.7.0/go.mod h1:UOqfnUaJeygO9rYShAhsLxAZjbbEBNaLZpsdw03W3R0=
 github.com/rusq/tagops v0.1.1 h1:R5MHPR822lSg3LFr0RS3DFS0CapRiqtuHVD5NlOMOvY=
 github.com/rusq/tagops v0.1.1/go.mod h1:mUJ5WoHxrSv9wreCrHQkAeMevt5aXFadlOdLM6UsoHc=
 github.com/rusq/tracer v1.0.1 h1:5u4PCV8NGO97VuAINQA4gOVRkPoqHimLE2jpezRVNMU=
@@ -332,6 +340,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U=
+golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@ const (`
`11`	`11`	`LHeadless`
`12`	`12`	`// LUserBrowser is the google auth option`
`13`	`13`	`LUserBrowser`
	`14`	`+ // LMobileSignin allows to sign in using QR Code`
	`15`	`+ LMobileSignin`
`14`	`16`	`// LCancel should be returned if the user cancels the login intent.`
`15`	`17`	`LCancel`
`16`	`18`	`)`