Universal Link sign-in: open the magic link in the app#12
Merged
JacobStephens2 merged 1 commit intoJun 7, 2026
Merged
Conversation
The account magic-link email links to https://cascade.stephens.page/auth?token=…, which today opens the website. Register that URL as a Universal Link so it opens Cascade straight into completeSignIn() instead — no hand-copied token. The Swift side was already wired (onOpenURL → handleOpenURL → completeSignIn); this adds the OS-level registration that was missing: - associated-domains entitlement (applinks:cascade.stephens.page) on the macOS and iOS targets, declared in project.yml's entitlements.properties so XcodeGen regenerates rather than clobbers them (cf. #1). - the AASA file at apps/web/public/.well-known/apple-app-site-association scoped to the /auth?token=… path and the app's appID. - a /auth browser fallback page that surfaces the token to paste for devices without the app installed. - docs/universal-link-signin.md runbook. Requires the paid Apple Developer Program: the associated-domains capability can't be signed under free personal-team signing (a signed build fails with "entitlements that require signing with a development certificate"). CI is unaffected — apple.yml compiles with CODE_SIGNING_ALLOWED=NO (verified). Builds on the network.client entitlement fix (account sync needs the network). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
JacobStephens2
merged commit b0caa0d
into
fix/macos-network-entitlement-sync
1 check passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Makes the account magic-link email (
https://cascade.stephens.page/auth?token=…) open the Cascade app straight intocompleteSignIn()instead of the website — no hand-copied token.What was missing
The Swift side was already wired (
onOpenURL→handleOpenURL→completeSignIn, which already accepts a full link or a bare token). Only the OS-level link registration was absent. This PR adds:associated-domainsentitlement (applinks:cascade.stephens.page) on the macOS and iOS targets — declared inproject.yml'sentitlements.propertiesso XcodeGen regenerates (not clobbers) the files, per Fix xcodegen clobbering Info.plist/entitlements; add device-install script #1. (Caught the clobber: the iOS target previously had noproperties, so xcodegen had been emptying its entitlements file.)apps/web/public/.well-known/apple-app-site-association, scoped to the/auth?token=…path + the app's appIDG38J85UN6P.page.stephens.cascade./authbrowser fallback (apps/web/public/auth/index.html) that surfaces the token to paste, for devices without the app installed.docs/universal-link-signin.mdrunbook.The
associated-domainscapability cannot be signed under free personal-team signing — a signed build fails with "entitlements that require signing with a development certificate." To ship: enrol in the paid program, setDEVELOPMENT_TEAM, enable Associated Domains for the App ID, build with dev/distribution signing.CI is unaffected —
apple.ymlcompiles withCODE_SIGNING_ALLOWED=NO(entitlement validation skipped). Verified locally: CI-style unsignedCascadeMacbuild succeeds. Only the ad-hoc DMG + freeinstall-device.shsigned flows will need the paid cert after merge.Verification done
associated-domains(iOS no longer clobbered to empty).🤖 Generated with Claude Code