Skip to content

fix: recognize keychain/env atl credentials in hasOAuthCredentials()#100

Merged
Hinne1 merged 1 commit into
mainfrom
claude/atl-keychain-cred-detect
Jul 10, 2026
Merged

fix: recognize keychain/env atl credentials in hasOAuthCredentials()#100
Hinne1 merged 1 commit into
mainfrom
claude/atl-keychain-cred-detect

Conversation

@Hinne1

@Hinne1 Hinne1 commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Why

Fast-follow to the shared-Atlassian-app rollout (env-setup #374 / DEV-178). hasOAuthCredentials() only scanned ~/.config/atlassian/config.yaml, so it was blind to credentials atl resolves from the OS keychain or env vars.

Post-rollout, a freshly onboarded dev has the shared client provisioned in the keychain with an empty config.yaml. The old check returned falseconfigureAtlassianCli() walked them through creating their own OAuth app, defeating the migration. (Existing devs are unaffected — they already have a config.yaml client_id.)

What

Ask atl itself first: parse the OAuth credentials: <source> line from atl auth status (atl's own resolver is env > keychain > config), treating anything but not configured as configured. Fall back to the config.yaml scan for an older atl that predates keychain support, or when the binary isn't found — so no behavior change on v1.8.

Verification

Ran hasOAuthCredentials() against real atl + keychain (config.yaml moved aside to isolate the keychain path, restored after):

Scenario atl status source result
config absent + keychain provisioned (v1.10) — the fix OS keychain TRUE (old code: FALSE)
config absent + clean keychain (v1.10) not configured FALSE
config present + clean keychain (v1.10) config file TRUE
v1.8 atl + config present (fallback) (no source line) TRUE
v1.8 atl + no config (fallback) (no source line) FALSE

npm run lint clean, prettier --check clean.

https://claude.ai/code/session_01A15prxAxWv2CBfZKzFxTD2

hasOAuthCredentials() only scanned ~/.config/atlassian/config.yaml, so it was
blind to credentials that atl resolves from the OS keychain or environment
variables. After the shared-OAuth-app rollout a freshly onboarded dev has the
shared client provisioned in the keychain (empty config.yaml), so the old check
returned false and walked them through creating their own OAuth app — defeating
the migration.

Ask atl itself first: parse the 'OAuth credentials: <source>' line from
'atl auth status' (env vars > OS keychain > config file), treating anything but
'not configured' as configured. Fall back to the config.yaml scan for an older
atl that predates keychain support or when the binary isn't found.

Claude-Session: https://claude.ai/code/session_01A15prxAxWv2CBfZKzFxTD2
@Hinne1 Hinne1 marked this pull request as ready for review July 10, 2026 12:58
@Hinne1 Hinne1 merged commit 6255474 into main Jul 10, 2026
7 checks passed
@Hinne1 Hinne1 deleted the claude/atl-keychain-cred-detect branch July 10, 2026 13:32
@Hinne1 Hinne1 mentioned this pull request Jul 10, 2026
Hinne1 added a commit that referenced this pull request Jul 10, 2026
Ships the keychain/env-aware hasOAuthCredentials() from #100 so the shared
Atlassian OAuth app rollout is picked up by environment-setup (dep ^1.9.0).

Claude-Session: https://claude.ai/code/session_01A15prxAxWv2CBfZKzFxTD2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant