import express from "express";
import open from "open";
import axios from "axios";
import { saveConfig, loadConfig } from "./auth.js";
export function performLogin(): Promise<void> {
return new Promise((resolve, reject) => {
const config = loadConfig();
if (!config.clientId || !config.clientSecret) {
const configError = new Error(
"ClickUp client ID and secret not configured. Please run `clickup-mcp configure <clientId> <clientSecret>`",
);
console.error(configError.message);
return reject(configError);
}
const app = express();
const port = 12121;
const redirectUri = `http://localhost:${port}/callback`;
const server = app.listen(port, async () => {
const authUrl = `https://app.clickup.com/api?client_id=${config.clientId}&redirect_uri=${redirectUri}&response_type=code`;
console.log("Opening browser for authentication...");
console.log("Visit this URL if it doesn't open automatically:");
console.log(authUrl);
await open(authUrl);
});
app.get("/callback", async (req, res) => {
const code = req.query.code as string;
if (code) {
try {
const response = await axios.post(
"https://api.clickup.com/api/v2/oauth/token",
null,
{
params: {
client_id: config.clientId,
client_secret: config.clientSecret,
code,
},
},
);
saveConfig({
...config,
accessToken: response.data.access_token,
});
res.send("Authentication successful! You can close this window.");
console.log("Authentication successful.");
server.close(() => resolve());
} catch (error) {
console.error("Error exchanging token:", error);
res.status(500).send("Authentication failed.");
server.close(() => reject(error));
}
} else {
res.status(400).send("Missing code parameter.");
// We don't resolve/reject here? Maybe we should keeps listening?
// Typically we want to reject if it's an error, but maybe user just hit the wrong URL.
// Let's just respond 400 and keep server alive or reject?
// For CLI 'login', if we get a bad request, maybe just ignore it.
// But for coverage purposes, we just handled the branch.
}
});
});
}
