Problem Description

Coder CLI and Coder Desktop (macOS/Windows) require separate sign-ins, leading to duplicate steps and inconsistent states. Desktop already handles token lifecycle in-app, but there’s no coordination with the CLI.

Desired Solution

Enable a unified sign-in experience so logging in or out from either CLI or Desktop updates the other automatically, using OS-native secure storage and consistent state handling.

Requirements

• Single Sign-In Flow

  • Login via CLI → Desktop adopts session; login via Desktop → CLI adopts session.
  • Keep existing CLI browser-based login (/cli-auth) unchanged.

• Shared Secure Storage

  • macOS: System Keychain
  • Windows: Windows Credential Manager
  • One shared, canonical store per platform—avoid duplicates.

• State Sync

  • Use a lightweight presence signal (e.g., file or metadata) to detect auth state changes at startup and periodically.
  • Ensure both clients handle token refresh/expiry consistently.

• Cross-Client Logout

  • Logout in one client clears session in the other within a short delay.

• Multi-Deployment Support

  • Sync should be scoped per deployment/host to avoid cross-environment conflicts.

• Migration

  • On first run, migrate existing credentials into the canonical store.

• macOS
• Windows