Device Auth Workflow #4178
Merged
Device Auth Workflow #4178
+1,919
−50
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
catrielmuller
requested review from
brianc,
Copilot,
hassoncs and
kevinvandijk
🦋 Changeset detectedLatest commit: 9da4ece The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a device authorization workflow for Kilo Code, replacing the previous browser-based OAuth callback flow. Users can now authenticate by scanning a QR code or opening a verification URL in their browser, entering a code, and approving the device - similar to how GitHub CLI and other modern applications handle authentication.
Key Changes:
- New device auth flow with QR code support
- Dedicated auth tab and UI components
- Integration with settings and welcome flows
- Backend service for polling authorization status
Reviewed changes
Copilot reviewed 39 out of 39 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
webview-ui/src/utils/kilocode/qrcode.ts |
New utility for QR code generation using the qrcode library |
webview-ui/src/i18n/locales/*/kilocode.json |
Added translations for device auth UI in 18 languages |
webview-ui/src/components/kilocode/common/DeviceAuthCard.tsx |
New component displaying auth code, QR code, and status |
webview-ui/src/components/kilocode/common/KiloCodeAuth.tsx |
Updated welcome screen to use device auth instead of browser redirect |
webview-ui/src/components/kilocode/auth/AuthView.tsx |
New dedicated view for device auth flow |
webview-ui/src/components/settings/SettingsView.tsx |
Enhanced profile editing to support auth return flow |
webview-ui/src/components/settings/ApiOptions.tsx |
Removed unused props for cleaner API |
webview-ui/src/components/kilocode/settings/providers/KiloCode.tsx |
Changed login button to trigger device auth flow |
webview-ui/src/App.tsx |
Added auth tab routing and state management |
src/services/kilocode/DeviceAuthService.ts |
New service for device auth polling with event emitter pattern |
src/services/kilocode/__tests__/DeviceAuthService.test.ts |
Comprehensive test coverage for device auth service |
src/core/webview/ClineProvider.ts |
Integration of device auth service with provider lifecycle |
src/core/webview/webviewMessageHandler.ts |
Message handlers for device auth flow |
src/shared/WebviewMessage.ts |
Added device auth message types |
src/shared/ExtensionMessage.ts |
Added device auth extension message types |
packages/types/src/kilocode/device-auth.ts |
TypeScript type definitions for device auth API |
packages/types/src/index.ts |
Exported device auth types |
.changeset/gentle-plants-smile.md |
Changeset documenting the new feature |
brianc
reviewed
Dec 3, 2025
brianc
reviewed
Dec 3, 2025
brianc
reviewed
Dec 3, 2025
brianc
reviewed
Dec 3, 2025
kevinvandijk
reviewed
Dec 3, 2025
.changeset/gentle-plants-smile.md
Outdated
| "kilo-code": minor | ||
| --- | ||
|
|
||
| Kilo Gateway - New device authorization workflow |
Collaborator
There was a problem hiding this comment.
It would be nice to clarify a bit more what this means
kevinvandijk
approved these changes
Dec 3, 2025
Co-authored-by: Copilot <[email protected]>
catrielmuller
force-pushed
the
catrielmuller/extension-device-auth
branch
from
30de4f1 to
9da4ece
Compare
![kiloconnect[bot]](https://avatars.githubusercontent.com/in/2193792?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
✅ No New Issues Found
41 files reviewed | Confidence: 95% | Recommendation: Merge
This PR implements a well-structured device authorization flow for Kilo Gateway. The implementation follows OAuth 2.0 device authorization grant patterns with QR code support.
Review Details
Key Files Reviewed:
src/services/kilocode/DeviceAuthService.ts- Core service with EventEmitter pattern, proper polling, and cleanupsrc/core/kilocode/webview/deviceAuthHandler.ts- Handler encapsulating device auth logic (refactored per feedback)src/core/kilocode/webview/webviewMessageHandlerUtils.ts- Message handlers (refactored per feedback)packages/types/src/kilocode/device-auth.ts- Zod schemas for response validationwebview-ui/src/components/kilocode/auth/AuthView.tsx- Auth flow UIwebview-ui/src/components/kilocode/common/DeviceAuthCard.tsx- UI component with state managementsrc/services/kilocode/__tests__/DeviceAuthService.test.ts- Comprehensive test coverage
Checked:
- ✅ Security: Token handling, URL validation, no injection risks
- ✅ Error handling: All error states properly handled and communicated
- ✅ Resource cleanup: Proper
dispose()methods and polling cleanup - ✅ Type safety: Zod validation implemented per reviewer feedback
- ✅ Test coverage: Comprehensive tests for all service methods and events
Previous Feedback Addressed:
- Code moved to separate files (
deviceAuthHandler.ts,webviewMessageHandlerUtils.ts) - Zod validation implemented for API responses
- Async import removed
This was referenced Dec 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Context
Resolve: #2517
Implementation
Know Issues
Screenshots
How to Test