Skip to content

Fix authentication URL port handling#75

Open
maci3jka wants to merge 1 commit into
EngFlow:mainfrom
maci3jka:authentication_URL_port_fix
Open

Fix authentication URL port handling#75
maci3jka wants to merge 1 commit into
EngFlow:mainfrom
maci3jka:authentication_URL_port_fix

Conversation

@maci3jka
Copy link
Copy Markdown

@maci3jka maci3jka commented May 11, 2026
edited
Loading

When the cluster URL includes a non-default port (non 443) and the verification URL does not specify one, the browser was opened to the wrong host — missing the port entirely and causing the authentication flow to fail.
Example that I faced when port forwarding k8s service

$engflow_auth login --insecure localhost:8443
Warning: server TLS validation is disabled
Attempting to automaticaly open the authentication URL in your web browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

        https://localhost/login?userCode=XXXX-YYYY-ZZZZ&redirect=QWERTY123==

@laszlocsomor
Copy link
Copy Markdown
Contributor

laszlocsomor commented May 13, 2026
edited
Loading

Please rebase; CI should pass at f1ab63d

@maci3jka maci3jka force-pushed the authentication_URL_port_fix branch from a3376bc to 91892ce Compare May 13, 2026 19:34
@maci3jka
Copy link
Copy Markdown
Author

maci3jka commented May 13, 2026

Please rebase; CI should pass at f1ab63d

@laszlocsomor done

@laszlocsomor
Copy link
Copy Markdown
Contributor

laszlocsomor commented May 14, 2026

And please describe in the PR message what was the bug. Looks like when the cluster listens on a nonstandard port, the verification URL should contain it too, but please confirm.

When would this be a problem, I mean in what case do you access a cluster on a nonstandard port?

@maci3jka
Copy link
Copy Markdown
Author

maci3jka commented May 14, 2026

I've faced

$engflow_auth login --insecure localhost:8443
Warning: server TLS validation is disabled
Attempting to automaticaly open the authentication URL in your web browser.
If the browser does not open or you wish to use a different device to authorize this request, open the following URL:

        https://localhost/login?userCode=XXXX-YYYY-ZZZZ&redirect=QWERTY123==

this pr fixes that. I've updated the description

@laszlocsomor laszlocsomor requested review from Yannic and jayconrod May 18, 2026 07:54
@jayconrod
Copy link
Copy Markdown
Contributor

jayconrod commented May 18, 2026

Hi @maci3jka, for legal reasons, we don't accept external PRs in this repo. We haven't got a contributor license agreement or copyright assignment in place. (And CI is failing because the required secret is not exposed for external PRs).

Could you tell us more what you're trying to do? I can confirm engflow_auth login works on a local port for a cluster running locally. But it sounds like you might be authenticating through a local proxy running against another EngFlow server, and you want to rewrite the verification URL specified by the server to use the local proxy port instead of the remote port. Is that right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Yannic Yannic Yannic approved these changes

@laszlocsomor laszlocsomor laszlocsomor approved these changes

@jayconrod jayconrod Awaiting requested review from jayconrod

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@maci3jka @laszlocsomor @jayconrod @Yannic