Desktop app: Authenticate with OAuth #98345

Draft: wants to merge 8 commits into base: trunk

@psrpinto psrpinto commented Jan 14, 2025

WIP

Related to #89736 #72754 #55611

Proposed Changes

This PR makes it so that logging into the Desktop app happens in the user's external browser, instead of directly in the app. So, instead of the Desktop app showing Calypso's login screen, it shows just a button that, when clicked, opens Calypso's login screen in the user's browser.

Once the user has completed login in their browser, they are redirected to the desktop app, through a URL that carries the access_token, e.g.:

wpcom-local-dev://auth#access_token=foo&expires_in=1209600

The access token is then used to log in the user in the Desktop app.

Why are these changes being made?

Currently the desktop app is unusable for users who, for example, have passkeys. There are also other cases where login in the desktop app is broken; see linked issues above. Doing the login externally instead of directly in the desktop app would fix all these issues.

Prior analysis on this has been done in p1717608504988349-slack-C029GN3KD and pdKhl6-49R-p2.

Screen recording

The flow is not completely implemented yet. Currently, upon returning to the app, the user is not yet logged in.

References

TODO

  • Modify the login view in the Desktop app so that it shows only a button
  • Open a tab in the user's browser when the above-mentioned button is clicked
  • Make it so that the app handles incoming links to ${protocol}:// (electron protocol handling)
  • Intercept ${protocol}://auth URLs, store the access token, and redirect calypso to /
  • Improve the design of the Desktop login view
  • Add new OAuth client_id for Desktop app (currently using Studio's)
  • Add a specific protocol for the Desktop app (currently using Studio's)

Testing Instructions

TODO

  • Mac
    • Test auto-updater
    • Test login
      • Firefox
      • Chrome
      • Safari
  • Windows
    • Test auto-updater
    • Test login
      • Firefox
      • Chrome
      • Edge
  • Linux
    • Test auto-updater
    • Test login
      • Firefox
      • Chrome/Chromium

Pre-merge Checklist

  • Has the general commit checklist been followed? (PCYsg-hS-p2)
  • Have you written new tests for your changes?
  • Have you tested the feature in Simple (P9HQHe-k8-p2), Atomic (P9HQHe-jW-p2), and self-hosted Jetpack sites (PCYsg-g6b-p2)?
  • Have you checked for TypeScript, React or other console errors?
  • Have you used memoizing on expensive computations? More info in Memoizing with create-selector and Using memoizing selectors and Our Approach to Data
  • Have we added the "[Status] String Freeze" label as soon as any new strings were ready for translation (p4TIVU-5Jq-p2)?
    • For UI changes, have we tested the change in various languages (for example, ES, PT, FR, or DE)? The length of text and words vary significantly between languages.
  • For changes affecting Jetpack: Have we added the "[Status] Needs Privacy Updates" label if this pull request changes what data or activity we track or use (p4TIVU-aUh-p2)?
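
Added example, not part of this PR or the project's code: one way the Desktop app could validate an incoming `${protocol}://auth` link before storing the token it carries, using the sample URL from the description. The function names, the constants and the rejection rules are assumptions made for illustration.

```javascript
// Added example, not code from this PR. The scheme and host mirror the sample
// URL in the description; the Desktop app's final protocol is still a TODO there.
const EXPECTED_SCHEME = 'wpcom-local-dev:';
const EXPECTED_HOST = 'auth';

// Parse and validate an incoming deep link before any token is stored.
function parseAuthCallback(rawUrl, now = Date.now()) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== EXPECTED_SCHEME) {
    return { ok: false, reason: 'unexpected scheme' };
  }
  // url.host includes any port, so "auth:8080" is rejected here too.
  const hasUserInfo = url.username + url.password !== '';
  if (url.host !== EXPECTED_HOST || hasUserInfo || !['', '/'].includes(url.pathname)) {
    return { ok: false, reason: 'not an auth link' };
  }
  // The flow delivers values in the fragment only; treat a query string as malformed.
  if (url.search !== '') {
    return { ok: false, reason: 'unexpected query string' };
  }
  const params = new URLSearchParams(url.hash.slice(1));
  // Duplicate parameters are ambiguous (first vs. last wins), so require exactly one.
  for (const name of ['access_token', 'expires_in']) {
    if (params.getAll(name).length !== 1) {
      return { ok: false, reason: `expected exactly one ${name}` };
    }
  }
  const accessToken = params.get('access_token');
  const expiresIn = params.get('expires_in');
  if (accessToken === '') {
    return { ok: false, reason: 'empty access_token' };
  }
  // Positive decimal integer of bounded length: no signs, exponents or whitespace.
  if (!/^[1-9][0-9]{0,8}$/.test(expiresIn)) {
    return { ok: false, reason: 'invalid expires_in' };
  }
  return { ok: true, accessToken, expiresAt: now + Number(expiresIn) * 1000 };
}

// Redact the token before a received URL is written to any log.
function redactForLog(rawUrl) {
  return String(rawUrl).replace(/(access_token=)[^&\s]*/g, '$1[redacted]');
}
```

Any installed application can open a custom-protocol URL, so the handler treats every field of the link as untrusted input and keeps the raw URL out of logs.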

@psrpinto psrpinto self-assigned this Jan 14, 2025

matticbot commented Jan 14, 2025

This PR modifies the release build for the following Calypso Apps:

For info about this notification, see here: PCYsg-OT6-p2

  • notifications
  • wpcom-block-editor

To test WordPress.com changes, run install-plugin.sh $pluginSlug desktop-oauth on your sandbox.

matticbot commented Jan 14, 2025

Here is how your PR affects size of JS and CSS bundles shipped to the user's browser:

App Entrypoints (~553 bytes added 📈 [gzipped])

name                   parsed_size           gzip_size
entry-login                +1919 B  (+0.1%)     +652 B  (+0.1%)
entry-main                  -342 B  (-0.0%)      -99 B  (-0.0%)
entry-stepper               -234 B  (-0.0%)      -84 B  (-0.0%)
entry-subscriptions         -126 B  (-0.0%)      -42 B  (-0.0%)
entry-domains-landing       -126 B  (-0.0%)      -42 B  (-0.0%)
entry-browsehappy           -126 B  (-0.1%)      -42 B  (-0.1%)

Common code that is always downloaded and parsed every time the app is loaded, no matter which route is used.

Sections (~9258 bytes added 📈 [gzipped])

name               parsed_size           gzip_size
stepper-user-step       -196 B  (-0.1%)     -703 B  (-0.9%)
signup                  -154 B  (-0.1%)    -1062 B  (-1.6%)
accept-invite           -154 B  (-0.1%)     -797 B  (-1.5%)

Sections contain code specific for a given set of routes. Is downloaded and parsed only when a particular route is navigated to.

Legend

What is parsed and gzip size?

Parsed Size: Uncompressed size of the JS and CSS files. This much code needs to be parsed and stored in memory.
Gzip Size: Compressed size of the JS and CSS files. This much data needs to be downloaded over network.

Generated by performance advisor bot at iscalypsofastyet.com.

@psrpinto psrpinto force-pushed the desktop-oauth branch 10 times, most recently from 2b1e066 to d4118b2 Compare January 22, 2025 17:38
@psrpinto psrpinto force-pushed the desktop-oauth branch 3 times, most recently from 8d1694e to 5131d32 Compare January 24, 2025 15:24
isSingleInstance() was only called in one place (so we inlined it), and anotherInstanceStarted() was unused.
And exit immediately when not the first instance.
@psrpinto psrpinto force-pushed the desktop-oauth branch 2 times, most recently from 45d00f8 to 1c9f51f Compare January 31, 2025 17:01