Draft: Migrate OAuth flow to use device authorization grant method
What does this MR do and why?
The change replaces the OAuth browser-based redirect flow with the device authorization grant flow, which provides a better auth experience. This removes the need to run a local HTTP server and simplifies token handling.
Key changes:
- Implement device authorization flow per GitLab OAuth2 spec
- Add polling mechanism for token retrieval
- Remove PKCE and redirect handling code
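The polling step listed under "Key changes", written out as an added example; it is not code from this MR or from the project. It follows the token-polling rules of RFC 8628 (the device authorization grant): keep waiting on `authorization_pending`, back off by 5 seconds on `slow_down`, and stop on any other error or once the device code expires. The `post` transport callable, `DeviceFlowError`, and the sample responses in `demo()` are assumptions made for illustration.

```python
import time

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628, section 3.4


class DeviceFlowError(Exception):
    """Terminal failure of the device authorization grant."""


def poll_for_token(post, client_id, device_code, interval=5, expires_in=300,
                   sleep=time.sleep, now=time.monotonic):
    """Poll the token endpoint until the user approves, denies, or the code expires.

    `post` is a hypothetical transport callable: it takes the form fields as a
    dict and returns the parsed JSON body of the token response as a dict.
    """
    deadline = now() + expires_in
    form = {"grant_type": GRANT_TYPE, "client_id": client_id,
            "device_code": device_code}
    while now() < deadline:
        sleep(interval)  # wait before every request, including the first
        body = post(form)
        if "access_token" in body:
            return body
        error = body.get("error")
        if error == "authorization_pending":
            continue  # user has not finished approving yet
        if error == "slow_down":
            interval += 5  # RFC 8628 3.5: add 5 s to this and all later waits
            continue
        # access_denied, expired_token and anything unknown are terminal:
        # retrying cannot succeed and would only hammer the endpoint.
        raise DeviceFlowError(error or "malformed token response")
    raise DeviceFlowError("expired_token")


def demo():
    """Run the loop against constructed responses with a fake clock."""
    replies = iter([{"error": "authorization_pending"}, {"error": "slow_down"},
                    {"access_token": "constructed-token", "token_type": "bearer"}])
    clock, waits = [0], []

    def fake_sleep(seconds):
        waits.append(seconds)
        clock[0] += seconds

    token = poll_for_token(lambda form: next(replies), "constructed-client-id",
                           "constructed-device-code", sleep=fake_sleep,
                           now=lambda: clock[0])
    return token["access_token"], waits
```

Bounding the loop by `expires_in` and treating unknown errors as terminal keeps a client from polling indefinitely with a device code that can no longer be redeemed.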