Skip to content

feat(setup): Use new browser signup/signin and org/project selection flow#188

Open
Luca Forstner (lforst) wants to merge 3 commits into
mainfrom
lforst/bt-setup-app-login
Open

feat(setup): Use new browser signup/signin and org/project selection flow#188
Luca Forstner (lforst) wants to merge 3 commits into
mainfrom
lforst/bt-setup-app-login

Conversation

@lforst
Copy link
Copy Markdown
Member

@lforst Luca Forstner (lforst) commented May 15, 2026
edited
Loading

Uses new sign-in flow introduced in

DO NOTE MERGE until those are merged.

Changes:

  • Opens the users browser on the newly introduced wizard flow pages
  • Polls the session endpoint until the user has completed it
  • Picks up api key, org and project from poll result and prints selected org/project to the user

Tested locally by just running while braintrust dev server is running: cargo run -- setup --app-url http://localhost:3000 --no-skills

wizard-flow.mp4

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 15, 2026
edited
Loading

Latest downloadable build artifacts for this PR commit 63a6f29a089a:

Available artifact names
  • ``artifacts-build-global
  • ``artifacts-build-local-x86_64-apple-darwin
  • ``artifacts-build-local-x86_64-pc-windows-msvc
  • ``artifacts-build-local-aarch64-pc-windows-msvc
  • ``artifacts-build-local-x86_64-unknown-linux-gnu
  • ``artifacts-build-local-x86_64-unknown-linux-musl
  • ``artifacts-build-local-aarch64-unknown-linux-gnu
  • ``artifacts-build-local-aarch64-apple-darwin
  • ``artifacts-plan-dist-manifest
  • ``cargo-dist-cache

viadezo1er
Cedric / ViaDézo1er (viadezo1er) requested changes May 18, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@viadezo1er Cedric / ViaDézo1er (viadezo1er) left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edit: forgot --api-url when specifying --app-url, forget this issue.

I think this breaks login for all other bt commands:

bt auth login
✔ Select login method · OAuth (browser)
Opening browser for OAuth authorization...
If it does not open, visit:
https://api.braintrust.dev/oauth/authorize?response_type=code&client_id=bt_cli_default&state=...
Waiting for browser authorization...
Paste code=...&state=... if callback doesn't complete
error: request failed (401 Unauthorized): Failed to validate Clerk JWT: Error: Unable to find a signing key in JWKS that matches the kid='...' of the provided session token. Please make sure that the __session cookie or the HTTP authorization header contain a Clerk-generated session JWT. The following kid is available: ... [timestamp=1779140533.591]

@lforst
Copy link
Copy Markdown
Member Author

Luca Forstner (lforst) commented May 19, 2026

I think this breaks login for all other bt commands:

bt auth login
✔ Select login method · OAuth (browser)
Opening browser for OAuth authorization...
If it does not open, visit:
https://api.braintrust.dev/oauth/authorize?response_type=code&client_id=bt_cli_default&state=...
Waiting for browser authorization...
Paste code=...&state=... if callback doesn't complete
error: request failed (401 Unauthorized): Failed to validate Clerk JWT: Error: Unable to find a signing key in JWKS that matches the kid='...' of the provided session token. Please make sure that the __session cookie or the HTTP authorization header contain a Clerk-generated session JWT. The following kid is available: ... [timestamp=1779140533.591]

I don't think I changed the code path for bt auth login. This looks more like an error that came from the backend tbh. Could you point to one of my changes that you think would trigger this?

@viadezo1er
Copy link
Copy Markdown
Contributor

Cedric / ViaDézo1er (viadezo1er) commented May 19, 2026
edited
Loading

Classic PEBKAC case, no issue in the code. I forgot to login incognito mode and the --api-url flag.

@viadezo1er
Copy link
Copy Markdown
Contributor

Cedric / ViaDézo1er (viadezo1er) commented May 19, 2026

Previously bt setup kept the user logged-in, so they could run other braintrust commands afterwards (including another bt setup).
This is no longer the case with this pr.
Is it voluntary?

@lforst
Copy link
Copy Markdown
Member Author

Luca Forstner (lforst) commented May 20, 2026

Previously bt setup kept the user logged-in, so they could run other braintrust commands afterwards (including another bt setup). This is no longer the case with this pr. Is it voluntary?

Good catch, updated it so that it saves the profile. We don't want this behavior for spark tho. Doing this just to have backwards compat. In spark we should ask the user whether they want to install the braintrust cli.

@viadezo1er
Copy link
Copy Markdown
Contributor

Cedric / ViaDézo1er (viadezo1er) commented May 20, 2026

Now the -o/--org/-p/--project flag are useless since the user chooses the org/project in the browser, I think that's fine. The only possible thing I see this breaking would be using bt setup in CI, and we are probably the only ones doing this.
So maybe warrants a cleanup later but fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@viadezo1er Cedric / ViaDézo1er (viadezo1er) viadezo1er approved these changes

@AbhiPrasad Abhijeet Prasad (AbhiPrasad) Awaiting requested review from AbhiPrasad

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lforst @viadezo1er