feat: browser SSO via Chrome cookie reading (browser-cookie3)#342
Merged
Conversation
Enables authenticated access to sites like X/Twitter and LinkedIn that use browser session cookies rather than OAuth or API keys. Core logic lives entirely in auth/ — BrowserFlow.run_login() reads Chrome's on-disk SQLite cookie database via browser-cookie3 (macOS Keychain / Linux GNOME Keyring / Windows DPAPI), opens the site in the user's default browser if no valid session exists, then polls until the required auth cookies appear. No separate Chrome profile, no Playwright. - auth/browser_cookies.py: read_chrome_cookies(), cookies_are_valid(), normalize_jsessionid() with lazy browser-cookie3 import - auth/flows/browser.py: BrowserFlow (begin/resume/refresh) + static run_login() for CLI use - auth/models/: AuthType.BROWSER, FlowType.BROWSER, BrowserConfig, ExtractRule, ConnectionRecord.credentials field - server/: register flow, header rendering, export branch, BrowserAction schema, _session_response wiring (~35 lines total) - cli/main.py: 8-line elif block calling BrowserFlow.run_login() - Bundled providers: x-browser, linkedin-browser - 30 new tests in tests/auth/ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Entire-Checkpoint: 3753e27e5941
rishabhraj36
approved these changes
May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
browserauth type enabling authenticated access to sites like X/Twitter and LinkedIn that use browser session cookies rather than OAuth or API keysbrowser-cookie3to read Chrome's on-disk SQLite cookie database directly (macOS Keychain / Linux GNOME Keyring / Windows DPAPI) — no Playwright, no separate Chrome profileauth/per codebase constraint; server and CLI changes are registration-only (~35 and 8 lines respectively)How it works
authsome login x-browser— daemon creates a browser session, CLI reads Chrome cookies immediately; if no valid session found, opensx.com/loginin the user's browser and polls the cookie DB every 4sConnectionRecord.credentialsauthsome run -- curl https://x.com/...— proxy injectsCookie:header plus any provider-specific headers (e.g.x-csrf-tokenfromct0for X,csrf-tokenfromJSESSIONIDfor LinkedIn)New files
auth/browser_cookies.pyauth/flows/browser.pyBrowserFlow(daemon) + staticrun_login()(CLI)auth/bundled_providers/x-browser.jsonauth/bundled_providers/linkedin-browser.jsontests/auth/test_browser_{cookies,flow,service}.pyTest plan
uv run pytest tests/auth/test_browser_cookies.py tests/auth/test_browser_flow.py tests/auth/test_browser_service.py -v— 30 tests passuv run pytest -p no:xdist— 362 tests pass, no regressionsuv run ruff check src/ tests/— cleanuv run ty check src/— cleanauthsome login x-browser(requires Chrome logged into X),authsome run -- curl -s "https://api.twitter.com/2/users/me"🤖 Generated with Claude Code