Class OAuthFlowManager

Manages OAuth authentication flows adapted for VS Code.

Unlike browser-based OAuth flows, VS Code requires:

Opening system browser instead of popup window
Custom URI handler for OAuth callbacks
State-based CSRF protection
Timeout handling for abandoned flows

Example

const oauthManager = new OAuthFlowManager(context, logger);
await oauthManager.initialize();

try {
  const result = await oauthManager.startOAuthFlow('github');
  console.log('Authenticated with token:', result.token);
} catch (error) {
  console.error('OAuth flow failed:', error);
}

Hierarchy (View Summary)

BaseService
- OAuthFlowManager

Index

Constructors

constructor

new OAuthFlowManager(
context: ExtensionContext,
logger: ILogger,
): OAuthFlowManager
Parameters
- context: ExtensionContext
- logger: ILogger
Returns OAuthFlowManager
Overrides BaseService.constructor
- Defined in src/services/core/oauthFlowManager.ts:103

Properties

`Private` `Readonly`extensionId

extensionId: string

Extension identifier used for URI handler registration

`Protected` `Readonly`logger

logger: ILogger

Logger instance for this service

`Protected` `Readonly`name

name: string

Service name for logging

`Private`pendingFlows

pendingFlows: Map<string, OAuthPendingFlow> = ...

Map of pending OAuth flows indexed by state parameter. State provides CSRF protection and flow tracking.

`Private` `Optional`uriHandlerDisposable

uriHandlerDisposable?: Disposable

Disposable for URI handler

`Private` `Static` `Readonly`FLOW_TIMEOUT_MS

FLOW_TIMEOUT_MS: number = ...

Timeout duration for OAuth flows (5 minutes)

Accessors

state

get state(): ServiceState
Gets the current service state.

Returns ServiceState
Inherited from BaseService.state
- Defined in src/services/core/baseService.ts:94

Methods

`Protected`assertReady

assertReady(): void
Asserts that the service is ready for use. Throws an error if the service is not in the Ready state.

Returns void
Throws
Error if service is not ready
Inherited from BaseService.assertReady
- Defined in src/services/core/baseService.ts:154

dispose

dispose(): Promise<void>
Disposes the service and cleans up resources. Ensures disposal only happens once.

Returns Promise<void>
Inherited from BaseService.dispose
- Defined in src/services/core/baseService.ts:129

getPendingFlowCount

getPendingFlowCount(): number
Get count of pending OAuth flows (for testing/debugging).

Returns number
- Defined in src/services/core/oauthFlowManager.ts:611

`Private`handleOAuthCallback

handleOAuthCallback(uri: Uri): Promise<void>
Handle OAuth callback from URI handler.

This method:
1. Extracts state and token from callback URI
2. Validates state parameter (CSRF protection)
3. Resolves the pending OAuth flow promise
Parameters
- uri: Uri
  Callback URI from OAuth provider
Returns Promise<void>
- Defined in src/services/core/oauthFlowManager.ts:458

initialize

initialize(): Promise<void>
Initializes the service. Ensures initialization only happens once and tracks state.

Returns Promise<void>
Inherited from BaseService.initialize
- Defined in src/services/core/baseService.ts:102

`Protected`onDispose

onDispose(): Promise<void>
Clean up OAuth flow manager.

Returns Promise<void>
Overrides BaseService.onDispose
- Defined in src/services/core/oauthFlowManager.ts:155

`Protected`onInitialize

onInitialize(): Promise<void>
Initialize OAuth flow manager and register URI handler.

Returns Promise<void>
Overrides BaseService.onInitialize
- Defined in src/services/core/oauthFlowManager.ts:114

startOAuthFlow

startOAuthFlow(provider: OAuthProvider): Promise<OAuthResult>
Start an OAuth authentication flow.

This method:
1. Generates a secure random state parameter (CSRF protection)
2. Gets OAuth authorization URL from the platform API
3. Opens system browser to the authorization URL
4. Waits for OAuth callback via URI handler
5. Returns the authentication token
Parameters
- provider: OAuthProvider
  OAuth provider (github or linkedin)
Returns Promise<OAuthResult>
Promise that resolves with authentication token
Throws
Error if flow times out, is cancelled, or fails
Example
```
try {
  const result = await oauthManager.startOAuthFlow('github');
  console.log('Token:', result.token);
} catch (error) {
  if (error.message.includes('timeout')) {
    console.log('User did not complete authentication in time');
  }
}
```
- Defined in src/services/core/oauthFlowManager.ts:197

`Private`validateAndConsume

validateAndConsume(state: string): OAuthPendingFlow
Validate OAuth state parameter and consume the pending flow.

This method provides CSRF protection by:
- Checking if state exists in pending flows
- Verifying the flow hasn't expired (TTL check)
- Removing state after validation (one-time use)
Parameters
- state: string
  State parameter from OAuth callback
Returns OAuthPendingFlow
Pending flow if valid, null otherwise
- Defined in src/services/core/oauthFlowManager.ts:576

Class OAuthFlowManager

Example

Hierarchy (View Summary)

Index

Constructors

Properties

Accessors

Methods

Constructors

constructor

Parameters

Returns OAuthFlowManager

Properties

Private ReadonlyextensionId

Protected Readonlylogger

Protected Readonlyname

PrivatependingFlows

Private OptionaluriHandlerDisposable

Private Static ReadonlyFLOW_TIMEOUT_MS

Accessors

state

Returns ServiceState

Methods

ProtectedassertReady

Returns void

Throws

dispose

Returns Promise<void>

getPendingFlowCount

Returns number

PrivatehandleOAuthCallback

Parameters

Returns Promise<void>

initialize

Returns Promise<void>

ProtectedonDispose

Returns Promise<void>

ProtectedonInitialize

Returns Promise<void>

startOAuthFlow

Parameters

Returns Promise<OAuthResult>

Throws

Example

PrivatevalidateAndConsume

Parameters

Returns OAuthPendingFlow

Settings

On This Page

`Private` `Readonly`extensionId

`Protected` `Readonly`logger

`Protected` `Readonly`name

`Private`pendingFlows

`Private` `Optional`uriHandlerDisposable

`Private` `Static` `Readonly`FLOW_TIMEOUT_MS

`Protected`assertReady

`Private`handleOAuthCallback

`Protected`onDispose

`Protected`onInitialize

`Private`validateAndConsume