@slates/cli 1.0.0-rc.2 → 1.0.0-rc.5

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@slates/cli",
-  "version": "1.0.0-rc.2",
+  "version": "1.0.0-rc.5",
   "publishConfig": {
     "access": "public"
   },
@@ -25,8 +25,9 @@
   },
   "dependencies": {
     "@inquirer/prompts": "^7.4.0",
-    "@slates/client": "1.0.0-rc.2",
-    "@slates/profiles": "1.0.0-rc.2",
+    "@slates/client": "1.0.0-rc.7",
+    "@slates/oauth-microsoft": "1.0.0-rc.2",
+    "@slates/profiles": "1.0.0-rc.5",
     "sade": "^1.8.1"
   },
   "devDependencies": {

package/src/cli.ts

@@ -59,203 +59,233 @@ if (isGlobalTestCommand) {
 
   cli.parse([process.argv[0] ?? 'bun', process.argv[1] ?? 'slates', ...argv]);
 } else {
+  cli
+    .command('profiles add')
+    .option('--name', 'Profile name')
+    .option('--entry', 'Local slate entry file')
+    .option('--export-name', 'Named export for the local slate provider')
+    .option('--default', 'Use this profile as the default')
+    .action(opts =>
+      printResult(() =>
+        addProfile({
+          integration: integration!,
+          name: opts.name,
+          entry: opts.entry,
+          exportName: opts.exportName,
+          useAsDefault: Boolean(opts.default)
+        })
+      )
+    );
 
-cli
-  .command('profiles add')
-  .option('--name', 'Profile name')
-  .option('--entry', 'Local slate entry file')
-  .option('--export-name', 'Named export for the local slate provider')
-  .option('--default', 'Use this profile as the default')
-  .action(opts =>
-    printResult(() =>
-      addProfile({
-        integration: integration!,
-        name: opts.name,
-        entry: opts.entry,
-        exportName: opts.exportName,
-        useAsDefault: Boolean(opts.default)
-      })
-    )
-  );
+  cli
+    .command('profiles list')
+    .action(() => printResult(() => listProfiles({ integration: integration! })));
 
-cli
-  .command('profiles list')
-  .action(() => printResult(() => listProfiles({ integration: integration! })));
+  cli
+    .command('profiles get [profile]')
+    .action((profile: string | undefined) =>
+      printResult(() => getProfile({ integration: integration!, profile }))
+    );
 
-cli
-  .command('profiles get [profile]')
-  .action((profile: string | undefined) =>
-    printResult(() => getProfile({ integration: integration!, profile }))
-  );
+  cli
+    .command('profiles use [profile]')
+    .action((profile: string | undefined) =>
+      printResult(() => useProfile({ integration: integration!, profile }))
+    );
 
-cli
-  .command('profiles use [profile]')
-  .action((profile: string | undefined) =>
-    printResult(() => useProfile({ integration: integration!, profile }))
-  );
+  cli
+    .command('profiles remove [profile]')
+    .action((profile: string | undefined) =>
+      printResult(() => removeProfile({ integration: integration!, profile }))
+    );
 
-cli
-  .command('profiles remove [profile]')
-  .action((profile: string | undefined) =>
-    printResult(() => removeProfile({ integration: integration!, profile }))
-  );
+  cli
+    .command('setup')
+    .option('--name', 'Profile name')
+    .option('--export-name', 'Named export for the local slate provider')
+    .action(opts =>
+      printResult(() =>
+        setupIntegration({
+          integration: integration!,
+          name: opts.name,
+          exportName: opts.exportName
+        })
+      )
+    );
 
-cli
-  .command('setup')
-  .option('--name', 'Profile name')
-  .option('--export-name', 'Named export for the local slate provider')
-  .action(opts =>
-    printResult(() =>
-      setupIntegration({
-        integration: integration!,
-        name: opts.name,
-        exportName: opts.exportName
-      })
-    )
-  );
+  cli
+    .command('tools list')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(() =>
+        listTools({
+          integration: integration!,
+          profile: opts.profile
+        })
+      )
+    );
 
-cli
-  .command('tools list')
-  .option('--profile', 'Profile ID or name')
-  .action(opts => printResult(() => listTools({ integration: integration!, profile: opts.profile })));
+  cli
+    .command('tools get [toolId]')
+    .option('--profile', 'Profile ID or name')
+    .action((toolId: string | undefined, opts) =>
+      printResult(() =>
+        getTool({
+          integration: integration!,
+          profile: opts.profile,
+          toolId
+        })
+      )
+    );
 
-cli
-  .command('tools get [toolId]')
-  .option('--profile', 'Profile ID or name')
-  .action((toolId: string | undefined, opts) =>
-    printResult(() => getTool({ integration: integration!, profile: opts.profile, toolId }))
-  );
-
-cli
-  .command('tools schema [toolId]')
-  .option('--profile', 'Profile ID or name')
-  .action((toolId: string | undefined, opts) =>
-    printResult(async () => {
-      let tool = await getTool({ integration: integration!, profile: opts.profile, toolId });
-      return tool.inputSchema;
-    })
-  );
-
-cli
-  .command('tools call [toolId]')
-  .option('--profile', 'Profile ID or name')
-  .option('--input', 'JSON input object')
-  .option('--auth-method-id', 'Preferred auth method ID')
-  .action((toolId: string | undefined, opts) =>
-    printResult(() =>
-      callTool({
-        integration: integration!,
-        profile: opts.profile,
-        toolId,
-        input: opts.input,
-        authMethodId: opts.authMethodId
+  cli
+    .command('tools schema [toolId]')
+    .option('--profile', 'Profile ID or name')
+    .action((toolId: string | undefined, opts) =>
+      printResult(async () => {
+        let tool = await getTool({
+          integration: integration!,
+          profile: opts.profile,
+          toolId
+        });
+        return tool.inputSchema;
       })
-    )
-  );
+    );
 
-cli
-  .command('auth list')
-  .option('--profile', 'Profile ID or name')
-  .action(opts => printResult(() => listAuth({ integration: integration!, profile: opts.profile })));
+  cli
+    .command('tools call [toolId]')
+    .option('--profile', 'Profile ID or name')
+    .option('--input', 'JSON input object')
+    .option('--auth-method-id', 'Preferred auth method ID')
+    .action((toolId: string | undefined, opts) =>
+      printResult(() =>
+        callTool({
+          integration: integration!,
+          profile: opts.profile,
+          toolId,
+          input: opts.input,
+          authMethodId: opts.authMethodId
+        })
+      )
+    );
 
-cli
-  .command('auth get [authMethodId]')
-  .option('--profile', 'Profile ID or name')
-  .action((authMethodId: string | undefined, opts) =>
-    printResult(() => getAuth({ integration: integration!, profile: opts.profile, authMethodId }))
-  );
+  cli
+    .command('auth list')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(() => listAuth({ integration: integration!, profile: opts.profile }))
+    );
 
-cli
-  .command('auth setup [authMethodId]')
-  .option('--profile', 'Profile ID or name')
-  .option('--input', 'JSON auth input object')
-  .option('--oauth-credential', 'OAuth credential ID or name')
-  .option('--client-id', 'OAuth client ID')
-  .option('--client-secret', 'OAuth client secret')
-  .option('--scopes', 'Comma-separated OAuth scopes')
-  .action((authMethodId: string | undefined, opts) =>
-    printResult(() =>
-      setupAuth({
-        integration: integration!,
-        profile: opts.profile,
-        authMethodId,
-        input: opts.input,
-        oauthCredential: opts.oauthCredential,
-        clientId: opts.clientId,
-        clientSecret: opts.clientSecret,
-        scopes: opts.scopes
-      })
-    )
-  );
+  cli
+    .command('auth get [authMethodId]')
+    .option('--profile', 'Profile ID or name')
+    .action((authMethodId: string | undefined, opts) =>
+      printResult(() =>
+        getAuth({ integration: integration!, profile: opts.profile, authMethodId })
+      )
+    );
 
-cli
-  .command('auth credentials list [authMethodId]')
-  .action((authMethodId: string | undefined) =>
-    printResult(() => listOAuthCredentials({ integration: integration!, authMethodId }))
-  );
+  cli
+    .command('auth setup [authMethodId]')
+    .option('--profile', 'Profile ID or name')
+    .option('--input', 'JSON auth input object')
+    .option('--oauth-credential', 'OAuth credential ID or name')
+    .option('--client-id', 'OAuth client ID')
+    .option('--client-secret', 'OAuth client secret')
+    .option('--scopes', 'Comma-separated OAuth scopes')
+    .action((authMethodId: string | undefined, opts) =>
+      printResult(() =>
+        setupAuth({
+          integration: integration!,
+          profile: opts.profile,
+          authMethodId,
+          input: opts.input,
+          oauthCredential: opts.oauthCredential,
+          clientId: opts.clientId,
+          clientSecret: opts.clientSecret,
+          scopes: opts.scopes
+        })
+      )
+    );
 
-cli
-  .command('auth credentials add [authMethodId]')
-  .option('--name', 'Credential name')
-  .option('--client-id', 'OAuth client ID')
-  .option('--client-secret', 'OAuth client secret')
-  .action((authMethodId: string | undefined, opts) =>
-    printResult(() =>
-      addOAuthCredentials({
-        integration: integration!,
-        authMethodId,
-        name: opts.name,
-        clientId: opts.clientId,
-        clientSecret: opts.clientSecret
-      })
-    )
-  );
+  cli
+    .command('auth credentials list [authMethodId]')
+    .action((authMethodId: string | undefined) =>
+      printResult(() => listOAuthCredentials({ integration: integration!, authMethodId }))
+    );
 
-cli
-  .command('auth refresh [authMethodId]')
-  .option('--profile', 'Profile ID or name')
-  .action((authMethodId: string | undefined, opts) =>
-    printResult(() => refreshAuth({ integration: integration!, profile: opts.profile, authMethodId }))
-  );
+  cli
+    .command('auth credentials add [authMethodId]')
+    .option('--name', 'Credential name')
+    .option('--client-id', 'OAuth client ID')
+    .option('--client-secret', 'OAuth client secret')
+    .action((authMethodId: string | undefined, opts) =>
+      printResult(() =>
+        addOAuthCredentials({
+          integration: integration!,
+          authMethodId,
+          name: opts.name,
+          clientId: opts.clientId,
+          clientSecret: opts.clientSecret
+        })
+      )
+    );
 
-cli
-  .command('config get')
-  .option('--profile', 'Profile ID or name')
-  .action(opts => printResult(() => getConfig({ integration: integration!, profile: opts.profile })));
+  cli
+    .command('auth refresh [authMethodId]')
+    .option('--profile', 'Profile ID or name')
+    .action((authMethodId: string | undefined, opts) =>
+      printResult(() =>
+        refreshAuth({ integration: integration!, profile: opts.profile, authMethodId })
+      )
+    );
 
-cli
-  .command('config set')
-  .option('--profile', 'Profile ID or name')
-  .option('--input', 'JSON config object')
-  .action(opts =>
-    printResult(() => setConfig({ integration: integration!, profile: opts.profile, input: opts.input }))
-  );
+  cli
+    .command('config get')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(() => getConfig({ integration: integration!, profile: opts.profile }))
+    );
 
-cli
-  .command('config schema')
-  .option('--profile', 'Profile ID or name')
-  .action(opts => printResult(() => getConfigSchema({ integration: integration!, profile: opts.profile })));
+  cli
+    .command('config set')
+    .option('--profile', 'Profile ID or name')
+    .option('--input', 'JSON config object')
+    .action(opts =>
+      printResult(() =>
+        setConfig({ integration: integration!, profile: opts.profile, input: opts.input })
+      )
+    );
 
-cli
-  .command('test')
-  .option('--profile', 'Profile ID or name')
-  .action(opts =>
-    printResult(async () => {
-      let separatorIndex = process.argv.indexOf('--');
-      await runVitestWithProfile({
-        integration: integration!,
-        profile: opts.profile,
-        vitestArgs: separatorIndex === -1 ? [] : process.argv.slice(separatorIndex + 1)
-      });
+  cli
+    .command('config schema')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(() => getConfigSchema({ integration: integration!, profile: opts.profile }))
+    );
 
-      return { success: true };
-    })
-  );
+  cli
+    .command('test')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(async () => {
+        let separatorIndex = process.argv.indexOf('--');
+        await runVitestWithProfile({
+          integration: integration!,
+          profile: opts.profile,
+          vitestArgs: separatorIndex === -1 ? [] : process.argv.slice(separatorIndex + 1)
+        });
+
+        return { success: true };
+      })
+    );
 
-cli
-  .command('repl')
-  .option('--profile', 'Profile ID or name')
-  .action(opts => printResult(() => startRepl({ integration: integration!, profile: opts.profile })));
+  cli
+    .command('repl')
+    .option('--profile', 'Profile ID or name')
+    .action(opts =>
+      printResult(() => startRepl({ integration: integration!, profile: opts.profile }))
+    );
 
   cli.parse([process.argv[0] ?? 'bun', process.argv[1] ?? 'slates', ...argv.slice(1)]);
 }

package/src/commands/auth.test.ts

@@ -0,0 +1,36 @@
+import { describe, expect, it } from 'vitest';
+import { normalizeCallbackRedirectUriForIntegration } from './auth';
+
+describe('normalizeCallbackRedirectUriForIntegration', () => {
+  it('normalizes Notion loopback redirects to localhost', () => {
+    expect(
+      normalizeCallbackRedirectUriForIntegration('notion', 'http://127.0.0.1:45873/callback')
+    ).toBe('http://localhost:45873/callback');
+  });
+
+  it('leaves unrelated integration redirects unchanged', () => {
+    expect(
+      normalizeCallbackRedirectUriForIntegration('attio', 'http://127.0.0.1:45873/callback')
+    ).toBe('http://127.0.0.1:45873/callback');
+  });
+
+  it('normalizes HubSpot developer platform OAuth redirects to localhost', () => {
+    expect(
+      normalizeCallbackRedirectUriForIntegration(
+        'hubspot',
+        'http://127.0.0.1:45873/callback',
+        'developer_platform_oauth'
+      )
+    ).toBe('http://localhost:45873/callback');
+  });
+
+  it('leaves HubSpot legacy OAuth redirects unchanged', () => {
+    expect(
+      normalizeCallbackRedirectUriForIntegration(
+        'hubspot',
+        'http://127.0.0.1:45873/callback',
+        'oauth'
+      )
+    ).toBe('http://127.0.0.1:45873/callback');
+  });
+});

package/src/commands/auth.ts

@@ -1,4 +1,8 @@
 import { confirm, select } from '@inquirer/prompts';
+import {
+  normalizeMicrosoftRedirectUri,
+  normalizeMicrosoftRedirectUriForIntegration
+} from '@slates/oauth-microsoft';
 import { SlatesOAuthCredentialRecord, SlatesStoredAuth } from '@slates/profiles';
 import {
   chooseAuthMethod,
@@ -6,7 +10,7 @@ import {
   createIntegrationClientContext,
   openIntegrationStore
 } from '../lib/context';
-import { chooseScopes, createOAuthCallbackListener, openBrowser } from '../lib/oauth';
+import { chooseScopes, createOAuthCallbackListener, printBrowserUrl } from '../lib/oauth';
 import {
   parseJsonObject,
   parseList,
@@ -16,6 +20,14 @@ import {
 import { JsonInput, WithProfile } from '../lib/types';
 
 type JsonObject = Record<string, any>;
+let NOTION_INTEGRATION_KEY = 'notion';
+let SALESFORCE_INTEGRATION_KEY = 'salesforce';
+let HUBSPOT_INTEGRATION_KEY = 'hubspot';
+let HUBSPOT_DEVELOPER_PLATFORM_OAUTH_METHOD_ID = 'developer_platform_oauth';
+let LOOPBACK_REDIRECT_NORMALIZED_INTEGRATIONS = new Set([
+  NOTION_INTEGRATION_KEY,
+  SALESFORCE_INTEGRATION_KEY
+]);
 
 type AuthSetupOptions = WithProfile &
   JsonInput & {
@@ -26,6 +38,22 @@ type AuthSetupOptions = WithProfile &
     scopes?: string;
   };
 
+export let normalizeCallbackRedirectUriForIntegration = (
+  integration: string,
+  redirectUri: string,
+  authMethodId?: string
+) => {
+  if (
+    LOOPBACK_REDIRECT_NORMALIZED_INTEGRATIONS.has(integration) ||
+    (integration === HUBSPOT_INTEGRATION_KEY &&
+      authMethodId === HUBSPOT_DEVELOPER_PLATFORM_OAUTH_METHOD_ID)
+  ) {
+    return normalizeMicrosoftRedirectUri(redirectUri);
+  }
+
+  return normalizeMicrosoftRedirectUriForIntegration(integration, redirectUri);
+};
+
 export let listAuth = async (opts: WithProfile) => {
   let { store, profile } = await createClientContext(opts);
   return store.listAuth(profile.id);
@@ -231,7 +259,11 @@ let chooseOAuthCredentialsForSetup = async (opts: {
 };
 
 let runAuthSetup = async (opts: AuthSetupOptions): Promise<SlatesStoredAuth> => {
-  let { store, profile, client } = await createClientContext(opts);
+  let { store, profile, client } = await createClientContext({
+    ...opts,
+    autoRefresh: false
+  });
+  client.clearAuth();
   let authMethod = await chooseAuthMethod({
     client,
     authMethodId: opts.authMethodId,
@@ -263,7 +295,12 @@ let runAuthSetup = async (opts: AuthSetupOptions): Promise<SlatesStoredAuth> =>
 
   if (authMethod.type === 'auth.oauth') {
     let callback = await createOAuthCallbackListener();
-    console.log(`OAuth redirect URL: ${callback.redirectUri}`);
+    let redirectUri = normalizeCallbackRedirectUriForIntegration(
+      opts.integration,
+      callback.redirectUri,
+      authMethod.id
+    );
+    console.log(`OAuth redirect URL: ${redirectUri}`);
 
     let resolvedOAuthCredentials = await chooseOAuthCredentialsForSetup({
       store,
@@ -282,7 +319,7 @@ let runAuthSetup = async (opts: AuthSetupOptions): Promise<SlatesStoredAuth> =>
 
     let authorizationUrl = await client.getAuthorizationUrl({
       authenticationMethodId: authMethod.id,
-      redirectUri: callback.redirectUri,
+      redirectUri,
       state: callback.state,
       input: authInput,
       clientId,
@@ -293,7 +330,7 @@ let runAuthSetup = async (opts: AuthSetupOptions): Promise<SlatesStoredAuth> =>
     callbackState = authorizationUrl.callbackState ?? null;
     finalInput = authorizationUrl.input ?? authInput;
 
-    await openBrowser(authorizationUrl.authorizationUrl);
+    printBrowserUrl(authorizationUrl.authorizationUrl);
     let callbackResult = await callback.wait();
     if (callbackResult.state !== callback.state) {
       throw new Error('OAuth state mismatch.');
@@ -303,7 +340,7 @@ let runAuthSetup = async (opts: AuthSetupOptions): Promise<SlatesStoredAuth> =>
       authenticationMethodId: authMethod.id,
       code: callbackResult.code,
       state: callbackResult.state,
-      redirectUri: callback.redirectUri,
+      redirectUri,
       input: finalInput,
       clientId,
       clientSecret,

package/src/commands/test.ts

@@ -47,6 +47,7 @@ export let runVitestWithProfile = async (opts: WithProfile & { vitestArgs: strin
       {
         integration: integration.relativeDir,
         profileId: profile.id,
+        rootDir: store.rootDir,
         storePath: store.storePath,
         cliDir: store.dirPath
       },
@@ -64,6 +65,7 @@ export let runVitestWithProfile = async (opts: WithProfile & { vitestArgs: strin
       SLATES_INTEGRATION: integration.relativeDir,
       SLATES_PROFILE_ID: profile.id,
       SLATES_CLI_DIR: store.dirPath,
+      SLATES_STORE_ROOT_DIR: store.rootDir,
       SLATES_STORE_PATH: store.storePath,
       SLATES_TEST_CONTEXT_PATH: contextPath
     }

package/src/lib/context.ts

@@ -71,9 +71,16 @@ export let chooseProfile = async (d: {
   };
 };
 
-export let createClientContext = async (opts: { integration: string; profile?: string }) => {
+export let createClientContext = async (opts: {
+  integration: string;
+  profile?: string;
+  autoRefresh?: boolean;
+}) => {
   let { integration, store, profile } = await chooseProfile(opts);
-  let client = await createSlatesClientFromProfile(profile, { store });
+  let client = await createSlatesClientFromProfile(profile, {
+    store,
+    autoRefresh: opts.autoRefresh
+  });
   return { integration, store, profile, client };
 };
 

package/src/lib/integration.ts

@@ -36,17 +36,24 @@ let isWithinRoot = (rootDir: string, targetPath: string) => {
 
 let resolveIntegrationDir = async (input: string, cwd: string) => {
   let rootDir = resolveSlatesCliRoot(cwd);
-  let namedPath = path.join(rootDir, 'integrations', input);
+  let integrationRoots = [
+    path.join(rootDir, 'integrations'),
+    path.join(rootDir, 'test-integrations')
+  ];
+
   if (!input.includes(path.sep) && !input.includes('/')) {
-    if (await pathExists(path.join(namedPath, 'package.json'))) {
-      return { rootDir, dirPath: namedPath };
+    for (let root of integrationRoots) {
+      let namedPath = path.join(root, input);
+      if (await pathExists(path.join(namedPath, 'package.json'))) {
+        return { rootDir, dirPath: namedPath };
+      }
     }
   }
 
   let candidate = path.resolve(cwd, input);
   if (!(await pathExists(path.join(candidate, 'package.json')))) {
     throw new Error(
-      `Could not resolve integration "${input}". Pass an integration name from \`integrations/\` or a relative path to an integration directory.`
+      `Could not resolve integration "${input}". Pass an integration name from \`integrations/\` or \`test-integrations/\`, or a relative path to an integration directory.`
     );
   }
 
@@ -103,32 +110,41 @@ export let resolveIntegration = async (
 export let listWorkspaceIntegrations = async (opts: { cwd?: string } = {}) => {
   let cwd = opts.cwd ?? process.cwd();
   let rootDir = resolveSlatesCliRoot(cwd);
-  let integrationsDir = path.join(rootDir, 'integrations');
+  let integrationRoots = [
+    path.join(rootDir, 'integrations'),
+    path.join(rootDir, 'test-integrations')
+  ];
+
+  let integrations: WorkspaceIntegrationSummary[] = [];
+
+  for (let integrationsDir of integrationRoots) {
+    if (!(await pathExists(integrationsDir))) {
+      continue;
+    }
 
-  if (!(await pathExists(integrationsDir))) {
-    return [];
+    let entries = await readdir(integrationsDir, { withFileTypes: true });
+    let chunk = await Promise.all(
+      entries
+        .filter(entry => entry.isDirectory())
+        .map(async entry => {
+          let dirPath = path.join(integrationsDir, entry.name);
+          if (!(await pathExists(path.join(dirPath, 'package.json')))) {
+            return null;
+          }
+
+          return {
+            rootDir,
+            dirPath,
+            relativeDir: toPosixPath(path.relative(rootDir, dirPath)),
+            name: entry.name
+          } satisfies WorkspaceIntegrationSummary;
+        })
+    );
+
+    integrations.push(
+      ...chunk.filter((integration): integration is WorkspaceIntegrationSummary => integration !== null)
+    );
   }
 
-  let entries = await readdir(integrationsDir, { withFileTypes: true });
-  let integrations = await Promise.all(
-    entries
-      .filter(entry => entry.isDirectory())
-      .map(async entry => {
-        let dirPath = path.join(integrationsDir, entry.name);
-        if (!(await pathExists(path.join(dirPath, 'package.json')))) {
-          return null;
-        }
-
-        return {
-          rootDir,
-          dirPath,
-          relativeDir: toPosixPath(path.relative(rootDir, dirPath)),
-          name: entry.name
-        } satisfies WorkspaceIntegrationSummary;
-      })
-  );
-
-  return integrations
-    .filter((integration): integration is WorkspaceIntegrationSummary => integration !== null)
-    .sort((a, b) => a.name.localeCompare(b.name));
+  return integrations.sort((a, b) => a.relativeDir.localeCompare(b.relativeDir));
 };

package/src/lib/oauth.ts

@@ -1,10 +1,7 @@
 import { checkbox } from '@inquirer/prompts';
-import { execFile } from 'child_process';
 import { randomUUID } from 'crypto';
 import { createServer } from 'http';
-import { promisify } from 'util';
 
-let execFileAsync = promisify(execFile);
 let DEFAULT_OAUTH_CALLBACK_PORT = 45873;
 
 export let chooseScopes = async (
@@ -21,27 +18,16 @@ export let chooseScopes = async (
     choices: authMethod.scopes.map((scope: any) => ({
       name: `${scope.title} (${scope.id})`,
       value: scope.id,
-      checked: initialScopes.length > 0 ? initialScopes.includes(scope.id) : true
+      checked:
+        initialScopes.length > 0
+          ? initialScopes.includes(scope.id)
+          : (scope.defaultChecked ?? true)
     }))
   })) as string[];
 };
 
-export let openBrowser = async (url: string) => {
-  try {
-    if (process.platform === 'darwin') {
-      await execFileAsync('open', [url]);
-      return;
-    }
-
-    if (process.platform === 'win32') {
-      await execFileAsync('cmd', ['/c', 'start', '', url]);
-      return;
-    }
-
-    await execFileAsync('xdg-open', [url]);
-  } catch {
-    console.log(`Open this URL in your browser:\n${url}`);
-  }
+export let printBrowserUrl = (url: string) => {
+  console.log(`Open this URL in your browser:\n${url}`);
 };
 
 export let createOAuthCallbackListener = async () => {
@@ -59,10 +45,34 @@ export let createOAuthCallbackListener = async () => {
         let url = new URL(req.url ?? '/', 'http://127.0.0.1');
         let code = url.searchParams.get('code');
         let state = url.searchParams.get('state');
+        let oauthError = url.searchParams.get('error');
+        let oauthErrorDescription = url.searchParams.get('error_description');
+        let oauthErrorUri = url.searchParams.get('error_uri');
+
+        if (oauthError) {
+          let description = oauthErrorDescription ?? 'No error description was provided.';
+          let errorMessage = `OAuth callback returned "${oauthError}": ${description}${
+            oauthErrorUri ? ` (${oauthErrorUri})` : ''
+          }`;
+
+          res.statusCode = 400;
+          res.end(errorMessage);
+          server.close();
+          settled = true;
+          waiter.reject(new Error(errorMessage));
+          return;
+        }
 
         if (!code || !state) {
           res.statusCode = 400;
           res.end('Missing code or state.');
+          server.close();
+          settled = true;
+          waiter.reject(
+            new Error(
+              `OAuth callback did not include the required query parameters. Received path: ${url.pathname}${url.search}`
+            )
+          );
           return;
         }