Conversation
olafurpg
left a comment
olafurpg
left a comment
There was a problem hiding this comment.
I think this fix will only work for VS Code
| const returnToURL = parameters.get('returnTo') | ||
| const isCody = parameters.get('requestFrom') === 'CODY' | ||
| // Even if just the return URL contains `requestFrom=CODY`, we should treat it as a request from Cody. | ||
| const isCody = parameters.get('requestFrom') === 'CODY' || returnToURL?.includes('requestFrom=CODY') |
There was a problem hiding this comment.
I just double-checked that the returnTo parameter is decoded in the URL https://sourcegraph.com/cody/manage?returnTo=%2Fuser%2Fsettings%2Ftokens%2Fnew%2Fcallback%3FrequestFrom%3DCODY%26tokenReceiverUrl%3Dhttp%253A%252F%252F127.0.0.1%253A59233%252F0cd3184fa6ced459885cefd00be0036d
However, this fix doesn't work for JetBrains which has requestFrom=JETBRAINS-$PORT_NUMBER. Example URL
There was a problem hiding this comment.
@olafurpg I see. Looks like a miscommunication happened about the intended interface of this page, as none of the clients seem to be passing the requestFrom=CODY argument to the /cody/manage page specifically. I think this requirement might not have been communicated to client teams. Anyway, it is what it is, let's figure out how to go forward.
I have a few ideas for a solution:
a.) Add yet another exception to detect requestFrom=JETBRAINS in the URL. But then, Neovim or others might fall into the same hole.
b.) Detect "/user/settings/tokens/new/callback" in the URL instead—all clients use it, so it clearly indicates a call coming from Cody.
c.) I wonder if we could just do the redirect for any returnTo without showing the onboarding form. I'd need to check with Product, but as I'm aware of our flows, we don't call this page with a returnTo with the intention for the user to go through the onboarding flow and then be redirected.
If Product agrees, I'd just go with c.), as that's the simplest logic.
There was a problem hiding this comment.
We will add login flows for Visual Studio and Eclipse soon. I vote for c), but option b) also works
There was a problem hiding this comment.
@olafurpg, I've implemented a solution between b and c, redirecting all requests that have requestFrom as a search param to /cody/manage, or anywhere in the returnTo URL: https://github.com/sourcegraph/sourcegraph/pull/63096/commits/2421f60d89c848e1302d7a17316090744042c06c
2 participants
Closes https://linear.app/sourcegraph/issue/PRIME-299/unable-to-sign-into-cody-account-via-github
The problem is that in some cases, the Cody Management page (https://courcegraph.com/cody/manage) doesn't redirect requests to the
returnToURL passed to it.The situation when this occurs is when the user has not completed the Cody onboarding flow in the browser they are seeing the page.
History of the bug:
completedwas initialized with the value oftrue.requestFrom=CODYeven in the return URL.This is actually just another hack; the right solution would be for clients to propoerly pass the
request=CODYto the Cody Management page itself, not just in the return URL. But it is what it is, this solution works with that glitch, which is a solution that works with versions of clients that are already released.Test plan
I've tested locally with all combinations of
ab-shortened-install-first-signup-flow-cody-2024-04feature flag being on/offrequestFrom=CODYpresent/not present in the return URLcody.onboarding.completedtemporary setting beingtrue/falseChangelog
fix(cody): redirect Cody client requests to the access token creation page in all cases