Universal Link sign-in: open the magic link in the app (re-land on main)#13
Merged
Merged
Conversation
The account magic-link email links to https://cascade.stephens.page/auth?token=…, which today opens the website. Register that URL as a Universal Link so it opens Cascade straight into completeSignIn() instead — no hand-copied token. The Swift side was already wired (onOpenURL → handleOpenURL → completeSignIn); this adds the OS-level registration that was missing: - associated-domains entitlement (applinks:cascade.stephens.page) on the macOS and iOS targets, declared in project.yml's entitlements.properties so XcodeGen regenerates rather than clobbers them (cf. #1). - the AASA file at apps/web/public/.well-known/apple-app-site-association scoped to the /auth?token=… path and the app's appID. - a /auth browser fallback page that surfaces the token to paste for devices without the app installed. - docs/universal-link-signin.md runbook. Requires the paid Apple Developer Program: the associated-domains capability can't be signed under free personal-team signing (a signed build fails with "entitlements that require signing with a development certificate"). CI is unaffected — apple.yml compiles with CODE_SIGNING_ALLOWED=NO (verified). Builds on the network.client entitlement fix (account sync needs the network). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
JacobStephens2
added a commit
that referenced
this pull request
Jun 7, 2026
PR #13's static /auth page shows the magic-link token with a Copy button and relies on Apple Universal Links to open the native app automatically. Windows has no Universal Link for an unpackaged app, so the link minted with &app=windows (server, #14) only ever showed the copy-the-code fallback. When app=windows is present, redirect to cascade://auth?token=... so the desktop app launches and signs in, with an "Open Cascade" button as the fallback if the browser blocks the programmatic protocol navigation. The copy-the-code path remains for when the app isn't installed. Co-authored-by: Jacob Stephens <jstephens@vagabondtours.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Re-lands the Universal Link sign-in work. #12 was merged into its stacked base branch (
fix/macos-network-entitlement-sync) rather thanmain, so its changes never reachedmain. This PR is the same commit, cherry-picked cleanly ontomain(which now has the #11 network entitlement fix).Makes the account magic-link email (
https://cascade.stephens.page/auth?token=…) open the Cascade app straight intocompleteSignIn()instead of the website.Contents (unchanged from #12)
associated-domainsentitlement (applinks:cascade.stephens.page) on macOS + iOS, viaproject.ymlentitlements.propertiesso XcodeGen regenerates rather than clobbers them (also fixes the iOS target previously having noproperties, which xcodegen was emptying).apps/web/public/.well-known/apple-app-site-association(appIDG38J85UN6P.page.stephens.cascade,/auth?token=…path)./authbrowser fallback page for devices without the app.docs/universal-link-signin.mdrunbook.associated-domainscan't be ad-hoc signed (signed build errors "entitlements that require signing with a development certificate"). CI is unaffected —apple.ymlbuilds withCODE_SIGNING_ALLOWED=NO(verified: unsignedCascadeMacbuild succeeds). Only the ad-hoc DMG + freeinstall-device.shsigned flows need the paid cert after merge.🤖 Generated with Claude Code