fix(desktop): use deep links for auth on macOS, localhost callback on Linux

[AviPeltz]

Summary

• PR feat(desktop): add Linux build pipeline and stabilize dev auth callba… #1477 added a localhost callback for desktop OAuth to support Linux, but unconditionally sent local_callback on all platforms — bypassing the reliable deep link flow on macOS
• This change makes the auth redirect strategy platform-aware: macOS uses deep links (superset://auth/callback), Linux uses the localhost port callback (http://127.0.0.1:{port}/auth/callback)
• Restores the original pre-feat(desktop): add Linux build pipeline and stabilize dev auth callba… #1477 macOS auth behavior

Changes

• apps/desktop/src/lib/trpc/routers/auth/index.ts:
  • Import PLATFORM from shared/constants
  • Wrap local_callback search param in if (PLATFORM.IS_LINUX) so it's only sent on Linux
  • Update JSDoc on signIn to reflect platform-conditional behavior

Test Plan

• macOS: Sign in → browser opens → OAuth → redirects via superset://auth/callback deep link (no localhost navigation)
• Linux: Sign in → browser opens → OAuth → redirects via http://127.0.0.1:{port}/auth/callback (localhost with HTML success page)
• Confirm "Click here if not redirected" fallback link uses the correct URL for each platform

Summary by CodeRabbit

• Bug Fixes
  • Fixed OAuth sign-in flow to properly handle platform-specific callback URLs (deep links on macOS, localhost on Linux), ensuring consistent authentication behavior across different operating systems.

[coderabbitai]

📝 Walkthrough

Walkthrough

Modified OAuth sign-in flow in the auth router to conditionally include platform-specific callback URL parameters. The local_callback parameter is now only added for Linux, while macOS continues using deep links. Added documentation clarifying platform-specific callback behavior.

Changes

Cohort / File(s)	Summary
OAuth Platform-Specific Callbacks apps/desktop/src/lib/trpc/routers/auth/index.ts	Added PLATFORM constant import; expanded documentation for macOS deep link vs Linux localhost callbacks; made local_callback URL parameter conditional on Linux platform only.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• CharlieHelps

Poem

🐰 A tunnel made of platforms wide,
On Linux, callbacks come inside,
macOS leaps with deeplinks true,
Each path unique, each rabbit knew! 🔐✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: making the OAuth auth redirect strategy platform-aware with deep links for macOS and localhost callback for Linux.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description is comprehensive, well-structured, and includes all required template sections with specific details about changes, platform-aware behavior, and test plan.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch auth-stuff

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

apps/desktop/src/lib/trpc/routers/auth/index.ts (2)

92-98: Consider using !PLATFORM.IS_MAC instead of PLATFORM.IS_LINUX for future-proofing.

Currently, Windows (and any other platform) will also skip local_callback and attempt deep links. If deep links are only reliable on macOS, a safer guard would be !PLATFORM.IS_MAC, so any non-macOS platform falls back to the localhost callback automatically.

Suggested diff

-				// Only send local_callback on Linux where deep links are unreliable
-				if (PLATFORM.IS_LINUX) {
+				// Send local_callback on non-macOS platforms where deep links may be unreliable
+				if (!PLATFORM.IS_MAC) {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/auth/index.ts` around lines 92 - 98,
Replace the platform check that conditions adding the local_callback (currently
using PLATFORM.IS_LINUX) with a non-macOS check so all non-mac platforms use the
localhost fallback; update the if in the auth router around
connectUrl.searchParams.set("local_callback",
`http://127.0.0.1:${sharedEnv.DESKTOP_NOTIFICATIONS_PORT}/auth/callback`) to use
!PLATFORM.IS_MAC instead of PLATFORM.IS_LINUX, keeping connectUrl,
"local_callback" and sharedEnv.DESKTOP_NOTIFICATIONS_PORT intact.

---

68-72: Consider documenting Windows behavior.

The JSDoc mentions macOS (deep link) and Linux (localhost callback), but PLATFORM also defines IS_WINDOWS. If the desktop app ships on Windows, deep links may also be unreliable there. Worth a brief note on the intended Windows behavior—or an explicit IS_MAC guard instead of IS_LINUX if macOS is the only platform where deep links are known to work.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/auth/index.ts` around lines 68 - 72, The
JSDoc currently mentions macOS (deep link) and Linux (localhost callback) but
omits Windows; update the comment around the start OAuth sign-in flow to either
(a) explicitly document the intended Windows behavior (e.g., treat Windows like
Linux and use localhost callback if deep links are unreliable) or (b) change the
wording to use an explicit IS_MAC guard language instead of IS_LINUX so it’s
clear deep links are only assumed to work on macOS; reference the PLATFORM /
IS_WINDOWS / IS_MAC symbols used in the auth router to ensure the doc matches
the implemented platform branching.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@apps/desktop/src/lib/trpc/routers/auth/index.ts`:
- Around line 92-98: Replace the platform check that conditions adding the
local_callback (currently using PLATFORM.IS_LINUX) with a non-macOS check so all
non-mac platforms use the localhost fallback; update the if in the auth router
around connectUrl.searchParams.set("local_callback",
`http://127.0.0.1:${sharedEnv.DESKTOP_NOTIFICATIONS_PORT}/auth/callback`) to use
!PLATFORM.IS_MAC instead of PLATFORM.IS_LINUX, keeping connectUrl,
"local_callback" and sharedEnv.DESKTOP_NOTIFICATIONS_PORT intact.
- Around line 68-72: The JSDoc currently mentions macOS (deep link) and Linux
(localhost callback) but omits Windows; update the comment around the start
OAuth sign-in flow to either (a) explicitly document the intended Windows
behavior (e.g., treat Windows like Linux and use localhost callback if deep
links are unreliable) or (b) change the wording to use an explicit IS_MAC guard
language instead of IS_LINUX so it’s clear deep links are only assumed to work
on macOS; reference the PLATFORM / IS_WINDOWS / IS_MAC symbols used in the auth
router to ensure the doc matches the implemented platform branching.

[github-actions]

🧹 Preview Cleanup Complete

The following preview resources have been cleaned up:

• ⚠️ Neon database branch
• ⚠️ Electric Fly.io app
• ⚠️ Streams Fly.io app

Thank you for your contribution! 🎉