From 27470207f201448d6b19a6b461dc29387363cbf3 Mon Sep 17 00:00:00 2001
From: J Chris Anderson
Date: Sun, 26 Oct 2025 16:57:20 -0600
Subject: [PATCH 1/2] fix: critical token logic bug and add OAuth implementation TODOs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Fix inverted isErr() check in to-cloud.ts that was breaking token flow
- Add TODO markers at 4 key OAuth integration points:
* iframe-fpcc-protocol: Real token exchange needed
* fp-cloud-connect-strategy: Popup callback handler needed
* page-fpcc-protocol: App ID generation needed
* iframe-fpcc-protocol: Device ID integration needed
- Leave device-id-protocol.ts actions commented out (incomplete implementation)
These changes unblock token flow testing without hiding incomplete work.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 core/device-id/device-id-protocol.ts | 4 ++--
 core/gateways/cloud/to-cloud.ts | 2 +-
 use-fireproof/fp-cloud-connect-strategy.ts | 3 +++
 use-fireproof/fp-cloud-connector/iframe-fpcc-protocol.ts | 8 ++++++++
 use-fireproof/fp-cloud-connector/page-fpcc-protocol.ts | 4 +++-
 5 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/core/device-id/device-id-protocol.ts b/core/device-id/device-id-protocol.ts
index 8398ea5cd..2f538aecf 100644
--- a/core/device-id/device-id-protocol.ts
+++ b/core/device-id/device-id-protocol.ts
@@ -29,7 +29,7 @@ async function ensureCA(sthis: SuperThis, opts: DeviceIdProtocolSrvOpts): Promis
 caSubject: {
 commonName: env.DEVICE_ID_CA_COMMON_NAME ?? "Fireproof CA",
 },
- actions: [], // opts.actions ,
+ actions: [], // opts.actions - TODO: CAActions implementation required
 }),
 );
 }
@@ -45,7 +45,7 @@ export interface DeviceIdProtocolSrvOpts {
 readonly DEVICE_ID_CA_KEY: string;
 readonly DEVICE_ID_CA_COMMON_NAME?: string;
 };
- // readonly actions: CAActions;
+ // readonly actions: CAActions; - TODO: CAActions implementation required
 }
 export class DeviceIdProtocolSrv implements DeviceIdProtocol {
diff --git a/core/gateways/cloud/to-cloud.ts b/core/gateways/cloud/to-cloud.ts
index 8fd51d259..6a2038e8d 100644
--- a/core/gateways/cloud/to-cloud.ts
+++ b/core/gateways/cloud/to-cloud.ts
@@ -248,7 +248,7 @@ class ToCloud implements ToCloudAttachable {
 // wait for the token
 // const token = await this._tokenObserver.getToken(logger, ledger);
 const rToken = await this.opts.strategy.waitForToken(ledger.sthis, logger, ledger.name, this.opts);
- if (!rToken.isErr) {
+ if (rToken.isErr()) {
 return Result.Err(rToken);
 }
 const token = rToken.unwrap();
diff --git a/use-fireproof/fp-cloud-connect-strategy.ts b/use-fireproof/fp-cloud-connect-strategy.ts
index f50e7a093..0f88533fc 100644
--- a/use-fireproof/fp-cloud-connect-strategy.ts
+++ b/use-fireproof/fp-cloud-connect-strategy.ts
@@ -122,6 +122,9 @@ export class FPCloudConnectStrategy implements TokenStrategie {
 this.title,
 `left=${left},top=${top},width=${width},height=${height},scrollbars=yes,resizable=yes,popup=yes`,
 );
+ // TODO: Add popup callback handler here
+ // Need to listen for postMessage from popup window containing OAuth result
+ // Example: window.addEventListener('message', (event) => { ... })
 // window.location.href = url.toString();
 }
diff --git a/use-fireproof/fp-cloud-connector/iframe-fpcc-protocol.ts b/use-fireproof/fp-cloud-connector/iframe-fpcc-protocol.ts
index 9866c8d58..8a8f38551 100644
--- a/use-fireproof/fp-cloud-connector/iframe-fpcc-protocol.ts
+++ b/use-fireproof/fp-cloud-connector/iframe-fpcc-protocol.ts
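Review bot: The error branch restored in the `to-cloud.ts` hunk (`if (rToken.isErr())`) has no regression test in this patch; the diffstat lists five source files and no test file. The old condition negated the method reference itself, which is always false, so a failed `waitForToken` fell through to `rToken.unwrap()`. A test in which `strategy.waitForToken` returns an error result and the caller is asserted to return an error result would pin the fail-closed behaviour, and a comment such as `// isErr is a method and must be called; a bare reference is always truthy` would explain the line to the next reader. If the project uses typescript-eslint, `@typescript-eslint/no-unnecessary-condition` is the rule that usually reports this pattern; whether it is enabled is not visible here. The enclosing method starts and ends outside the hunk.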
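Review bot: The TODO added after the popup is opened in `fp-cloud-connect-strategy.ts` sketches `window.addEventListener('message', (event) => { ... })` without mentioning sender validation, and a `message` listener receives posts from any window that holds a reference to this one. The comment should require the handler to compare `event.origin` with the origin of the URL given to the popup and `event.source` with the popup's window handle before treating the payload as an OAuth result. Suggested wording: `// Handler must ignore messages unless event.origin matches the auth URL's origin and event.source is the popup window`. The same requirement belongs in step 1 of the TODO list added to `waitForAuthToken` in `iframe-fpcc-protocol.ts`. The enclosing method starts and ends outside the hunk.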
@@ -95,6 +95,11 @@ class MemoryFPCCEvtEntity implements BackendFPCC {
 }
 waitForAuthToken(tid: string, tokenURI: string): Promise {
+ // TODO: Implement real OAuth token exchange
+ // Should: 1) Listen for popup window callback message
+ // 2) Extract auth token from message
+ // 3) Exchange with tokenURI endpoint
+ // 4) Return real JWT token
 return sleep(100).then(() => `fake-auth-token:${tid}:${tokenURI}`);
 }
@@ -147,6 +152,9 @@ export class IframeFPCCProtocol implements FPCCProtocol {
 };
 getDeviceId(): string {
+ // TODO: Integrate with core/device-id/device-id-protocol.ts
+ // Should use DeviceIdProtocol to generate/retrieve device certificate
+ // This ties into the device identity and auth system
 return "we-need-to-implement-device-id";
 }
diff --git a/use-fireproof/fp-cloud-connector/page-fpcc-protocol.ts b/use-fireproof/fp-cloud-connector/page-fpcc-protocol.ts
index fc4cfd3df..4eb579f9e 100644
--- a/use-fireproof/fp-cloud-connector/page-fpcc-protocol.ts
+++ b/use-fireproof/fp-cloud-connector/page-fpcc-protocol.ts
@@ -82,7 +82,9 @@ export class PageFPCCProtocol implements FPCCProtocol {
 }
 getAppId(): string {
- // setup in ready
+ // TODO: Generate or retrieve stable app ID
+ // Should be consistent across sessions for the same app origin
+ // Consider using: hash(window.location.origin) or stored value
 return "we-need-to-implement-app-id-this";
 }
From 61044fb1bd145c3df4ebd6e15399833bde93f309 Mon Sep 17 00:00:00 2001
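Review bot: `waitForAuthToken` in `iframe-fpcc-protocol.ts` still resolves with the token-shaped string `fake-auth-token:${tid}:${tokenURI}`, and the new TODO does not mark that value as a placeholder that must never be accepted as a credential. The class name suggests an in-memory backend, so this may be test-only; that is an inference, since the class body is outside the hunk. If the method can be reached in a shipped build, failing is safer than returning a fake token: `return Promise.reject(new Error("waitForAuthToken: OAuth token exchange not implemented"));`. At minimum the comment should add `// Placeholder value: not a JWT, must not be sent to or accepted by any backend`.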
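Review bot: `getDeviceId` in `iframe-fpcc-protocol.ts` and `getAppId` in `page-fpcc-protocol.ts` still return fixed strings, so every client reports the same device and app identifier, and the new TODOs do not warn about that. Until they are implemented, nothing that consumes these values can tell devices or apps apart; a line such as `// Placeholder: same value for every client, not usable for attribution or access decisions` would make that explicit in both methods. For `getAppId`, the suggested `hash(window.location.origin)` can be computed by anyone who knows the origin, so the comment should also state that the result is an identifier and not a secret.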
From: J Chris Anderson
Date: Sun, 26 Oct 2025 17:04:32 -0600
Subject: [PATCH 2/2] feat: add stub CAActions implementation for device-id protocol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add temporary stub implementation of CAActions.generateSerialNumber to unblock builds while proper serial number generation is implemented. The stub generates a timestamp-based serial number with random suffix. This allows the device-id protocol to compile and function for testing while the OAuth integration work continues.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude
---
 core/device-id/device-id-protocol.ts | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/core/device-id/device-id-protocol.ts b/core/device-id/device-id-protocol.ts
index 2f538aecf..69e254bfe 100644
--- a/core/device-id/device-id-protocol.ts
+++ b/core/device-id/device-id-protocol.ts
@@ -1,10 +1,19 @@
-import { IssueCertificateResult, JWKPrivateSchema, SuperThis } from "@fireproof/core-types-base";
-import { DeviceIdCA } from "./device-id-CA.js";
+import { IssueCertificateResult, JWKPrivateSchema, SuperThis, JWKPublic } from "@fireproof/core-types-base";
+import { CAActions, DeviceIdCA } from "./device-id-CA.js";
 import { param, Result } from "@adviser/cement";
 import { DeviceIdKey } from "./device-id-key.js";
 import { base58btc } from "multiformats/bases/base58";
 import { DeviceIdVerifyMsg, VerifyWithCertificateResult } from "./device-id-verify-msg.js";
+// Stub implementation until real CAActions is integrated
+const stubCAActions: CAActions = {
+ generateSerialNumber: async (_pub: JWKPublic) => {
+ // TODO: Implement proper serial number generation based on public key
+ // This should generate a unique, deterministic serial number for the certificate
+ return `stub-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+ },
+};
+
 async function ensureCA(sthis: SuperThis, opts: DeviceIdProtocolSrvOpts): Promise> {
 const rEnv = sthis.env.gets({
 DEVICE_ID_CA_KEY: opts.env?.DEVICE_ID_CA_KEY ?? param.REQUIRED,
@@ -29,7 +38,7 @@ async function ensureCA(sthis: SuperThis, opts: DeviceIdProtocolSrvOpts): Promis
 caSubject: {
 commonName: env.DEVICE_ID_CA_COMMON_NAME ?? "Fireproof CA",
 },
- actions: [], // opts.actions - TODO: CAActions implementation required
+ actions: stubCAActions,
 }),
 );
 }
@@ -45,7 +54,7 @@ export interface DeviceIdProtocolSrvOpts {
 readonly DEVICE_ID_CA_KEY: string;
 readonly DEVICE_ID_CA_COMMON_NAME?: string;
 };
- // readonly actions: CAActions; - TODO: CAActions implementation required
+ // Note: Uses stubCAActions until proper CAActions implementation is provided
 }
 export class DeviceIdProtocolSrv implements DeviceIdProtocol {
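Review bot: The stub `generateSerialNumber` in the first hunk builds the certificate serial from `Date.now()` and `Math.random()`, which is not a cryptographic random source, and the `ensureCA` hunk passes `stubCAActions` to the CA unconditionally, so certificates issued through this path get predictable serials. Even as a stub, the random part can come from Web Crypto where the runtime exposes it: `const rnd = crypto.getRandomValues(new Uint8Array(16));` followed by `return Array.from(rnd, (b) => b.toString(16).padStart(2, "0")).join("");`. The serial format that `CAActions` expects is defined in `device-id-CA.js`, which this patch does not show, so that encoding needs checking against it. The TODO's "deterministic" wording also deserves a caveat that a serial derived only from the public key repeats when the same key is certified twice.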
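Review bot: In the `ensureCA` hunk `actions: stubCAActions` is hard-wired, and the `DeviceIdProtocolSrvOpts` hunk replaces the commented-out option with a note, so a caller cannot supply a real `CAActions` without editing this file. Making the option optional keeps the stub as a fallback only: `readonly actions?: CAActions;` in the interface and `actions: opts.actions ?? stubCAActions,` in `ensureCA`. Both `ensureCA` and the interface extend beyond their hunks, so other uses of `opts` are not visible here.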