@vanpelt (Collaborator) commented Aug 14, 2025

Implements comprehensive authentication system controlled by CATNIP_AUTH_SECRET environment variable:

Backend (Go/Fiber):

  • Add JWT middleware with HMAC-SHA256 signing for secure token validation
  • Support multiple auth methods: Bearer tokens, cookies, and query parameters
  • Add token exchange endpoint for seamless CLI-to-browser handoff
  • Update CORS headers to support Authorization header
  • Enhance settings endpoint to indicate auth requirements

Frontend (React/TypeScript):

  • Auto-detect and exchange CLI tokens for long-lived session cookies
  • Clean token from URL after successful exchange
  • Update auth context to handle new authentication flow
  • Graceful fallback for token exchange failures

CLI Integration:

  • Generate short-lived tokens (5 min) automatically when opening browser
  • Seamless handoff from CLI to browser with query parameter tokens
  • No user interaction required for authentication flow

Key Features:

  • Optional: Only active when CATNIP_AUTH_SECRET is set
  • Secure: HMAC-SHA256 signed JWTs with configurable expiration
  • Flexible: CLI tokens (5 min) exchanged for browser sessions (7 days)
  • Clean: Automatic URL cleanup after token exchange
  • Compatible: Maintains existing GitHub auth integration

🤖 Generated with Claude Code

Co-Authored-By: Claude <[email protected]>
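
The CLI-to-browser handoff described in this pull request, sketched as an added example that is not the project's code: a standard-library HS256 token with a fixed header, exchanged from a 5-minute CLI token to a 7-day session token. The `use` claim and the names `Sign`, `Verify` and `Exchange` are assumptions; the claim keeps a session token from being replayed at the exchange step and a CLI token from being accepted as a session.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type Claims struct {
	Use string `json:"use"` // hypothetical claim: "cli" or "session"
	Exp int64  `json:"exp"`
}
var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))

func seal(secret []byte, msg string) string {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(h.Sum(nil))
}
func Sign(secret []byte, use string, ttl time.Duration, now time.Time) string {
	body, _ := json.Marshal(Claims{use, now.Add(ttl).Unix()})
	return seal(secret, header+"."+b64.EncodeToString(body))
}

func Verify(secret []byte, tok, use string, now time.Time) bool {
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(tok), []byte(seal(secret, header+"."+p[1]))) {
		return false // rebuilt under the fixed header, so a supplied "alg" is never trusted
	}
	var c Claims
	body, _ := b64.DecodeString(p[1])
	return json.Unmarshal(body, &c) == nil && c.Use == use && now.Unix() < c.Exp
}

// Exchange trades a valid 5-minute CLI token for a 7-day session token.
func Exchange(secret []byte, cliTok string, now time.Time) (string, bool) {
	if !Verify(secret, cliTok, "cli", now) {
		return "", false
	}
	return Sign(secret, "session", 7*24*time.Hour, now), true
}
func main() {
	key, now := []byte("constructed-demo-secret"), time.Now()
	fmt.Println(Exchange(key, Sign(key, "cli", 5*time.Minute, now), now.Add(time.Minute)))
}
```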