feat: support `shorebird login --no-localhost` for IDX

[YunFeng-Huang]

2024-08-20T15:15:35.687212 Choose an auth provider 2024-08-20T15:15:35.687521 Google 2024-08-20T15:15:35.726079 The Shorebird CLI needs your authorization to manage apps, releases, and patches on your behalf.

In a browser, visit this URL to log in:

https://accounts.google.com/o/oauth2/v2/auth?client_id=523302233293-eia5antm0tgvek240t46orctktiabrek.apps.googleusercontent.com&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A56926&scope=openid+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&code_challenge=p3vvxuIFw_rio6zKz-dNpEr6tzzRDMYL0hBCTD8PaSA&code_challenge_method=S256&state=o356JkM2dLQifeDBtplraS6FM2UrenK1

Waiting for your authorization... 2024-08-20T15:18:11.599404 ClientException with SocketException: Operation timed out (OS Error: Operation timed out, errno = 60), address = oauth2.googleapis.com, port = 57136, uri=https://oauth2.googleapis.com/token 2024-08-20T15:18:11.601627

[bryanoltman]

Are you using Project IDX by any chance? shorebird login needs the ability to start a local http server so it can receive a callback from the authentication provider (Google, in this case). This does not work on Project IDX.

[eseidel]

One thing we could do here is warn about reachability. e.g. from shorebird doctor or otherwise.

[felangel]

One thing we could do here is warn about reachability. e.g. from shorebird doctor or otherwise.

shorebird doctor does include api.shorebird.dev reachability (it was recently added).

[eseidel]

In this case I think oauth2.google.com is the unreachable URL?

[eseidel]

The real fix for these is to fall back to remote-based OAuth, like what Firebase does:

https://github.com/firebase/firebase-tools/blob/master/src/auth.ts#L543 https://github.com/firebase/firebase-tools/blob/master/src/auth.ts#L399

firebase login --no-localhost will also do this explicitly and is what IDX does.