Description
Bug Description
The --app persistent flag does not actually switch credentials when used with shortcut subcommands (post, reply, whoami, mentions, like, dm, etc.). All requests continue to use the default app's tokens regardless of --app.
Steps to Reproduce
- Register two apps: `default` and `my-other-app` with different credentials/tokens
- Set `default` as the active app: `xurl auth default default`
- Run: `xurl --app my-other-app whoami`
- Observe: the request uses `default`'s tokens, not `my-other-app`'s
Expected Behavior
xurl --app my-other-app whoami should authenticate using my-other-app's credentials and tokens.
Actual Behavior
The --app flag is parsed and Auth.WithAppName() is called in PersistentPreRun, but the override is never propagated to token retrieval. All shortcut commands use the default app's tokens.
Root Cause
There are two interconnected issues:
1. Token retrieval methods ignore Auth.appName
All non-ForApp token methods (GetOAuth1Tokens, GetFirstOAuth2Token, GetBearerToken) delegate to their ForApp variants with an empty string:
```go
func (s *TokenStore) GetOAuth1Tokens() *Token {
	return s.GetOAuth1TokensForApp("") // always resolves to default app
}
```
ResolveApp("") returns the default app, so Auth.appName (set by WithAppName) is never consulted during token retrieval.
2. WithAppName conditionally updates client credentials
```go
func (a *Auth) WithAppName(appName string) *Auth {
	a.appName = appName
	app := a.TokenStore.ResolveApp(appName)
	if app != nil {
		if a.clientID == "" { // only if empty!
			a.clientID = app.ClientID
		}
		if a.clientSecret == "" { // only if empty!
			a.clientSecret = app.ClientSecret
		}
	}
	return a
}
```
Since Auth is initialized with the default app's (non-empty) credentials in NewAuth, the override app's credentials are never applied.
Environment
- xurl v0.9.0
- Linux x86_64
- Go (built via goreleaser)
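
The two root causes above, reduced to a self-contained model next to one possible fix. This is an added example, not xurl's code: the types are simplified, the app IDs and tokens are constructed, and the `Buggy`/`Fixed` method names and the choice to reject an unknown app name are assumptions.

```go
package main

import "fmt"

// Simplified model of the issue; names and values are constructed, not xurl's code.
type App struct{ ClientID, Token string }
type TokenStore struct { Default string; Apps map[string]*App }
type Auth struct { Store *TokenStore; appName, clientID string }

// ResolveApp returns the named app, or the default app when name is "".
func (s *TokenStore) ResolveApp(name string) *App {
	if name == "" {
		name = s.Default
	}
	return s.Apps[name]
}

// NewAuth seeds credentials from the default app, as the issue describes.
func NewAuth() *Auth {
	s := &TokenStore{Default: "default", Apps: map[string]*App{
		"default":      {"id-default", "tok-default"},
		"my-other-app": {"id-other", "tok-other"},
	}}
	return &Auth{Store: s, clientID: s.ResolveApp("").ClientID}
}

// Reported behaviour: the override is recorded but never takes effect.
func (a *Auth) WithAppNameBuggy(name string) *Auth {
	a.appName = name
	if app := a.Store.ResolveApp(name); app != nil && a.clientID == "" {
		a.clientID = app.ClientID
	}
	return a
}
func (a *Auth) TokenBuggy() string { return a.Store.ResolveApp("").Token }

// Possible fix: override always wins, unknown app is an error, lookup uses appName.
func (a *Auth) WithAppNameFixed(name string) (*Auth, error) {
	app := a.Store.ResolveApp(name)
	if app == nil {
		return nil, fmt.Errorf("unknown app %q", name)
	}
	a.appName, a.clientID = name, app.ClientID
	return a, nil
}
func (a *Auth) TokenFixed() string { return a.Store.ResolveApp(a.appName).Token }

func main() {
	b := NewAuth().WithAppNameBuggy("my-other-app")
	f, _ := NewAuth().WithAppNameFixed("my-other-app")
	fmt.Println(b.clientID, b.TokenBuggy(), "|", f.clientID, f.TokenFixed())
}
```

A regression test for the real fix would assert the same property: with an override set, neither the client credentials nor the token may come from the default app.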