Skip to content

chore: bump cli-engine to 0.3.4 (non-interactive OAuth scope step-up)#73

Merged
jpage-godaddy merged 1 commit into
rust-portfrom
invalid-scope-fix
Jun 29, 2026
Merged

chore: bump cli-engine to 0.3.4 (non-interactive OAuth scope step-up)#73
jpage-godaddy merged 1 commit into
rust-portfrom
invalid-scope-fix

Conversation

@jpage-godaddy

Copy link
Copy Markdown
Collaborator

What

Bumps cli-engine from 0.3.00.3.4 (rust/Cargo.toml, rust/Cargo.lock).

Why

cli-engine 0.3.4 (godaddy/cli-engine#34) fixes an asymmetry in OAuth scope step-up. Previously, PkceAuthProvider::get_credential_for gated step-up on a TTY check only when a token already existed: a command run without a TTY (agent harness, piped stdio) that held a token missing a required scope hard-errored with missing required scope(s): …; run auth login --env … --scope …, while the no-token path always launched the browser flow. The result — surfaced in a bug bash — was that gddy domain suggest failed on first run but auto-authenticated once the token was cleared, and the error's suggested fix (auth login --scope …) was the wrong path.

With the bump, any scoped command (domain suggest, domain purchase, …) now steps up to acquire the missing scope regardless of interactivity. The requested set stays defaults ∪ granted ∪ required, so step-up never narrows an existing grant.

Notes

  • Transitively adds clap_complete v4.6.5 (cli-engine's shell-completion feature, added in 0.3.3).
  • No source changes needed here — src/auth.rs delegates straight to PkceAuthProvider, and domain commands already declare their scopes via with_scopes.

Verification

cargo build, cargo clippy --all-targets -- -D warnings, and cargo test (182 passed) all clean.

🤖 Generated with Claude Code

cli-engine 0.3.4 makes OAuth scope step-up fire for under-scoped tokens in
non-interactive sessions (godaddy/cli-engine#34). Before this, a command run
without a TTY (agent harness, piped stdio) that held a token missing a
required scope hard-errored with "missing required scope(s)" instead of
launching the OAuth flow, while the same command auto-authenticated once the
token was cleared.

With the bump, `gddy domain suggest` / `domain purchase` and any scoped
command now step up to acquire the missing scope regardless of interactivity.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@jpage-godaddy jpage-godaddy merged commit 206c2b3 into rust-port Jun 29, 2026
1 check passed
@jpage-godaddy jpage-godaddy deleted the invalid-scope-fix branch June 29, 2026 19:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant