Dev #31
Open
Dev #31
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add AuthType::RequestBody to OAuth client for PKCE compliance - Spotify requires client_id in request body (not Basic auth header) for PKCE flow - Add OAUTH_AUTH_REQUIRED command to handle expired session gracefully - Improve error logging for OAuth refresh failures - WebApi client now emits re-auth command when token refresh fails
Previously, OAUTH_AUTH_REQUIRED only showed an error but didn't clear the invalid tokens from config. This caused an infinite error loop on restart as the old invalid tokens would be reloaded.
The session.shutdown() method calls worker.join() which blocks the UI thread, causing the app to freeze during logout. Removed the blocking call - session cleanup happens naturally on new login or app exit.
When OAuth token refresh fails at startup (e.g., revoked token), now properly clears credentials and tokens so user sees login screen instead of falling back to invalid tokens that cause repeated errors.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces significant improvements to the OAuth authentication and token refresh flow, enhances user feedback and error handling for authentication failures, and adds a new controller for global keybinds. The changes ensure that expired or invalid OAuth tokens are properly detected, cleared, and that the user is prompted to re-authenticate, resulting in a more robust and user-friendly authentication experience. Additionally, a new
KeybindsControllercentralizes keybind action handling and user feedback.OAuth authentication and token refresh improvements:
psst-core/src/oauth.rsto useAuthType::RequestBody, ensuring that theclient_idis included in the body for PKCE flows, as required by Spotify, both for initial authentication and token refresh. Improved logging and error handling during token refresh. [1] [2] [3]Session expiration and re-authentication handling:
OAUTH_AUTH_REQUIREDcommand and associated logic in the delegate and Web API client. When token refresh fails or is not possible, the application clears all authentication data and notifies the user to re-authenticate, ensuring the UI reflects the expired session state. [1] [2] [3] [4]Keybinds and user feedback:
KeybindsControllerinpsst-gui/src/controller/keybinds.rsto centralize handling of global keybind actions, including playback, navigation, UI controls, and queue behavior. Provides user feedback for relevant actions (e.g., volume changes, queue mode switches).These changes collectively improve the reliability of authentication, enhance the user experience during session expiration, and provide a more maintainable architecture for handling keybinds and user actions.