feat: support for oauth via PKCE in browser #1597
Summary of Changes
Hello @drstrangelooker, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!
I've implemented support for OAuth 2.0 with Proof Key for Code Exchange (PKCE) for browser-based authentication. This enhancement removes the need for `client_id` and `client_secret` in client-side applications, improving security by preventing credential leakage. The changes introduce new functions to handle the PKCE flow, including generating code verifiers and challenges, managing local server redirects, and automatically opening the authorization URL in a browser.
Highlights
- PKCE OAuth Flow Implementation: I've added `NewPkceAuthSession` and `NewPkceAuthSessionWithTransport` functions in `go/rtl/auth.go` to facilitate the PKCE-based OAuth authentication process. These functions handle the full PKCE flow, from generating the code verifier and challenge to exchanging the authorization code for a token.
- PKCE Utility Functions: I've introduced helper functions like `generatePKCEPair` for creating code verifiers and challenges, `startLocalServerAndWaitForCode` to manage the local HTTP server for OAuth redirects, `generateSecureRandomString` for state, and `openBrowser` for automatic browser launching. These utilities are crucial for the seamless execution of the PKCE flow.
- Enhanced API Settings for PKCE: I've extended the `ApiSettings` struct in `go/rtl/settings.go` with `AuthUrl`, `RedirectPort`, and `RedirectPath` fields, allowing for flexible configuration of the PKCE flow. Default values for `RedirectPort` (8080) and `RedirectPath` ("/callback") have also been set.
- Environment Variable Support for PKCE Configuration: I've added new environment variables (`LOOKERSDK_AUTH_URL`, `LOOKERSDK_REDIRECT_PORT`, `LOOKERSDK_REDIRECT_PATH`) in `go/rtl/constants.go` and updated `NewSettingsFromEnv` in `go/rtl/settings.go` to enable configuration of PKCE settings via environment variables.
Code Review
This pull request adds support for OAuth 2.0 with PKCE, which is a valuable security enhancement for browser-based flows. The implementation correctly follows the PKCE standard and uses a local server to handle the redirect, which is a solid approach. My review focuses on improving error handling to prevent application termination, addressing a potential bug with an unhandled error, and increasing flexibility by making hardcoded values like scopes and timeouts configurable. These changes will make the new authentication flow more robust and user-friendly.
@bryans99 are you a decent person to review this?
Never mind. I found a different way to do what I want.
Support OAuth flow so that client_id and client_secret aren't required.
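
The verifier/challenge derivation and the state check that the PKCE flow summarized in this thread depends on, as an added Go example; it is not code from the pull request or the SDK. The function names are hypothetical, and the S256 method and length bounds follow RFC 7636.

```go
// Added illustration; function names are hypothetical, not the SDK's.
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// newVerifier returns 32 random bytes as a 43-char unpadded base64url string.
func newVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// challengeS256 derives code_challenge = BASE64URL(SHA256(code_verifier)).
func challengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// verifierMatches is the token endpoint's check: the verifier sent with the
// authorization code must hash to the challenge stored at authorization time.
func verifierMatches(verifier, storedChallenge string) bool {
	if len(verifier) < 43 || len(verifier) > 128 {
		return false // outside the RFC 7636 length bounds
	}
	return subtle.ConstantTimeCompare([]byte(challengeS256(verifier)), []byte(storedChallenge)) == 1
}

// stateMatches is the client's check on the redirect: a callback whose state
// differs from the one sent (or is empty) is rejected before the code is used.
func stateMatches(sent, returned string) bool {
	return sent != "" && subtle.ConstantTimeCompare([]byte(sent), []byte(returned)) == 1
}

func main() {
	v, err := newVerifier()
	if err != nil {
		panic(err)
	}
	c := challengeS256(v)
	fmt.Println("challenge:", c, "verifier accepted:", verifierMatches(v, c))
}
```

Only the challenge travels in the browser-visible authorization request; the verifier stays in the client process until the token exchange, which is why an intercepted authorization code alone cannot be redeemed.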