Skip to content

[Personal-WP] Add GitHub OAuth integration for private repositories #3180

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
akirk wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

[Personal-WP] Add GitHub OAuth integration for private repositories #3180

akirk wants to merge 1 commit into from
+2,829 −1

Conversation

@akirk
Copy link
Member

@akirk akirk commented Jan 25, 2026
edited
Loading

Motivation for the change, related issues

This PR adds GitHub OAuth support to personal-wp, allowing blueprints to access private GitHub repositories. This mirrors the existing OAuth support in the main website.

Todo after merging

Create a new Github app and configure the CLIENT_ID and CLIENT_SECRET for this deployment.

Contains fixes from #3181

Implementation details

OAuth Flow

  • Added oauth.php for token exchange with GitHub
  • Added GitHubPrivateRepoAuthModal component to prompt for authentication when a blueprint requires private repo access
  • createGitAuthHeaders() provides authentication headers for GitHub API requests

Blueprint Preservation

  • Hash fragment blueprints are converted to blueprint-url query parameters early in main.tsx to survive the OAuth redirect flow
  • buildOAuthRedirectUrl() also handles this conversion when building the redirect URL

Multi-tab Handling

  • When a new tab opens with a blueprint requiring OAuth, it properly coordinates with existing tabs via the takeover mechanism
  • Key fix: Token is stored in sessionStorage (not just memory) to survive the takeover reload. sessionStorage is cleared when the tab closes, maintaining security.

Error Handling

  • Added detection for GitAuthenticationError in the boot error handler
  • Added early return in catch block to prevent URL clearing after errors (was stripping blueprint-url before OAuth redirect could preserve it)
  • Token capture timing fixed to happen at call time, not creation time

Testing Instructions (or ideally a Blueprint)

  1. Deploy personal-wp with oauth.php configured for your GitHub OAuth app
  2. Open personal-wp with a blueprint referencing a private GitHub repository: 
    https://your-personal-wp.example/#{"steps":[{"step":"installPlugin","pluginData":{"resource":"url","url":"https://github.com/your-username/private-repo/archive/refs/heads/main.zip"}}]}
  3. Verify the GitHub auth modal appears
  4. Complete the OAuth flow
  5. Verify the blueprint is applied with the private repository content

Multi-tab test:

  1. Open personal-wp in Tab A (main tab)
  2. Open a new tab (Tab B) with a blueprint requiring OAuth
  3. Tab B should request takeover and show the auth modal
  4. Complete OAuth in Tab B
  5. Verify Tab B reloads and applies the blueprint (token survives reload via sessionStorage)

@akirk akirk changed the title [Website] Preserve blueprint URL fragment during GitHub OAuth redirect [Personal-WP] Add GitHub OAuth integration for private repositories Jan 25, 2026
@akirk akirk force-pushed the persistent/github-oauth branch 2 times, most recently from f0084e0 to b9d661f Compare January 25, 2026 09:29
@akirk akirk requested a review from a team as a code owner January 25, 2026 09:29
@akirk akirk force-pushed the persistent/github-oauth branch from b9d661f to a9ae2b1 Compare January 25, 2026 09:32
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from 3318673 to c9943c8 Compare January 25, 2026 10:54
@akirk akirk force-pushed the persistent/github-oauth branch from a9ae2b1 to c5ada0d Compare January 25, 2026 11:40
@akirk akirk mentioned this pull request Jan 26, 2026
Closed
@akirk akirk force-pushed the persistent/github-oauth branch from c5ada0d to a856cfa Compare January 26, 2026 08:52
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from 7c6e8a0 to 5e694fc Compare January 26, 2026 09:00
@akirk akirk force-pushed the persistent/github-oauth branch 2 times, most recently from 1e68842 to c4f4aa2 Compare January 26, 2026 09:15
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from 5e694fc to 8a9b151 Compare January 26, 2026 09:27
@akirk akirk force-pushed the persistent/github-oauth branch from c4f4aa2 to 83320f7 Compare January 26, 2026 09:27
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from 8a9b151 to 36800a5 Compare January 26, 2026 12:35
@akirk akirk force-pushed the persistent/github-oauth branch from 83320f7 to 70fb69c Compare January 26, 2026 12:36
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from 36800a5 to b17472b Compare January 26, 2026 12:52
@akirk akirk force-pushed the persistent/github-oauth branch from 70fb69c to 0a87ca1 Compare January 26, 2026 12:52
@akirk akirk force-pushed the persistent/i18n-app-catalog branch from b17472b to 81095b9 Compare January 27, 2026 12:25
Base automatically changed from persistent/i18n-app-catalog to trunk January 27, 2026 14:02
@akirk
[Personal-WP] Add GitHub OAuth integration for private repositories
0c61bdd 
Adds GitHub OAuth support to personal-wp, allowing blueprints to access
private GitHub repositories.

- Added oauth.php for token exchange with GitHub
- Added GitHubPrivateRepoAuthModal for authentication prompts
- createGitAuthHeaders() provides auth headers, capturing token at call
  time (not creation time) to work after OAuth redirect

- Hash fragment blueprints converted to blueprint-url query params early
  in main.tsx to survive OAuth redirect
- buildOAuthRedirectUrl() handles this conversion for the auth modal

- GitAuthenticationError detection in boot error handler
- Early return in catch block prevents URL clearing after errors
@akirk akirk force-pushed the persistent/github-oauth branch from 0a87ca1 to 0c61bdd Compare January 27, 2026 15:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

[Feature] Personal Playground

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akirk