feat(oauth2): redesign cloud consent screen with RAR resource binding #3101
Rework the OAuth2 consent screen for the cloud RAR (RFC 9396) flow. Scopes now carry every requested privilege; `authorization_details` binds the project/organization tiers to concrete resources, and the resource binding is the only thing the user narrows on the screen.

UI/UX:
- Grouped surface panels, app-to-account handshake header, and a clearer permission list (replaces the old scope picker).
- Supabase-style permission rows: resource-name titles, an access chip (READ / WRITE / READ + WRITE, amber when write is involved), and a one-line description per resource. Rows ordered by access strength.
- Console-authored copy for every scope Cloud exposes (drops the terse live scope catalog + its network calls); sensible fallback for unknown scopes. Raw scope tokens are no longer shown inline — a hover copy button yields the exact token.
- Resource selector: segmented All/Specific control, searchable chips, clearer Change/Done toggle, and an amber "needs selection" state that blocks Authorize until each requested tier is bound.

Delete the standalone oauth2-scope-picker in favour of the read-only permission summary + resource selector.
Greptile Summary: Reworks the OAuth2 consent screen for the RAR v2 contract, replacing the old scope picker with a read-only permissions summary and a new

Confidence Score: 5/5. Safe to merge — no defects found in the consent flow, resource binding, or approve/reject paths. The grant-swap guard, blocked-until-bound logic, and downscope-only approve payload are all intact and correct. The only findings are a missing `.catch()` that could leave a spinner stuck in an edge case that cannot currently occur, and dead `teamId` field selections in project queries.

`resource-selector.svelte` — the search effect `find()` promise has no `.catch()` handler.

Reviews (2): Last reviewed commit: "(fix): key oauth2 consent rows by token ..."
Addresses Greptile review: two resources whose names titleize to the same string would collide when keyed by title. The token is the space-joined raw scopes and is unique per row within a group.
What & why
Reworks the OAuth2 consent screen for the new cloud RAR (RFC 9396) flow, where a client requests every privilege via `scope` and binds those privileges to concrete projects/organizations via `authorization_details`. The screen now:
The old standalone scope picker is removed in favour of a read-only permission summary + a dedicated resource selector.
Changes
Consent model (`oauth2-scopes.ts`)
- read/write scopes into a single row (e.g. `tables.read` + `tables.write` → one Tables row).
- `READ` / `WRITE` / `READ + WRITE`, amber when write is involved), and a full-line description.

Consent card (`consent-card.svelte`)

Resource selector (`resource-selector.svelte`, new)

RAR binding (`oauth2-authorization-details.ts`)
- `authorization_details`, resolve project/organization names, and search resources for the selector.

Behaviour preserved
Only appearance/copy changed on the interactive side. Approve/reject, the grant-swap guards, the "bind every requested tier or stay disabled" rule, and the approve payload (resource binding narrowed, scopes untouched) are unchanged.
Screenshots
Basic consent
Many scopes — access chips, ordered by strength
Project + Organization tiers
More flows
Choosing specific projects
Needs selection (blocks Authorize)
Full account access (`all` scope)
Invalid / expired request
Copy raw scope (hover)
Testing
`bun run format` · `bun run check` (0 errors) · `bun run lint` (0 errors) · `bun run build` ✅
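The two rules the description calls out under "Behaviour preserved" (Authorize stays disabled until every requested tier is bound, and the approve payload may only narrow the resource binding while leaving scopes untouched) are worth enforcing on the server as well as in the UI. The check below is an added example, not code from this PR or the project; the tier names and the `identifiers` field are assumptions about the shape of `authorization_details` entries, since RFC 9396 only mandates `type`.

```typescript
// Added example (not the PR's code): server-side validation of a consent approval.
// Assumed authorization_details shape: { type: 'project' | 'organization', identifiers?: string[] }
// where an absent `identifiers` means "all resources of that tier".
export type Tier = 'project' | 'organization';

export interface AuthorizationDetail {
  type: Tier;
  identifiers?: string[];
}

export interface ConsentRequest {
  scope: string;
  authorization_details: AuthorizationDetail[];
}

/** A tier is bound when it covers "all" or at least one concrete resource. */
export function isBound(d: AuthorizationDetail): boolean {
  return d.identifiers === undefined || d.identifiers.length > 0;
}

/** Blocked-until-bound: every requested tier must appear in the approval, bound. */
export function canAuthorize(request: ConsentRequest, approved: AuthorizationDetail[]): boolean {
  return request.authorization_details.every(req => {
    const got = approved.find(a => a.type === req.type);
    return got !== undefined && isBound(got);
  });
}

/** The approved binding must be a subset of the requested one (never widened). */
function narrows(req: AuthorizationDetail, got: AuthorizationDetail): boolean {
  if (!isBound(got)) return false;
  if (req.identifiers === undefined) return true;   // "all" may be narrowed to any bound set
  if (got.identifiers === undefined) return false;  // a specific list cannot become "all"
  const allowed = new Set(req.identifiers);
  return got.identifiers.every(id => allowed.has(id));
}

/** Downscope-only rule: scope untouched, no new or duplicate tiers, each tier narrowed. */
export function validateApproval(request: ConsentRequest, payload: ConsentRequest): { ok: boolean; reason?: string } {
  if (payload.scope !== request.scope) return { ok: false, reason: 'scope must be returned untouched' };
  const tiers = payload.authorization_details.map(d => d.type);
  if (new Set(tiers).size !== tiers.length) return { ok: false, reason: 'duplicate tier entries' };
  const requested = new Set(request.authorization_details.map(d => d.type));
  if (tiers.some(t => !requested.has(t))) return { ok: false, reason: 'tier was not requested' };
  if (!canAuthorize(request, payload.authorization_details)) return { ok: false, reason: 'a requested tier is unbound' };
  for (const req of request.authorization_details) {
    const got = payload.authorization_details.find(a => a.type === req.type)!;
    if (!narrows(req, got)) return { ok: false, reason: `${req.type} binding widens the request` };
  }
  return { ok: true };
}
```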