[PR #6540] Add session token authentication to API init() #6588

Closed
opened 2026-02-28 21:30:23 -06:00 by GiteaMirror · 0 comments
Owner

Original Pull Request: https://github.com/actualbudget/actual/pull/6540

State: closed
Merged: Yes


Summary

  • Add sessionToken option to InitConfig for direct token-based authentication
  • Refactor InitConfig to use TypeScript union types that enforce exactly one auth method
  • Validate session tokens on init and throw clear errors for invalid/expired tokens

Usage

// Session token auth (new)
await api.init({
  serverURL: 'https://actual.example.com',
  sessionToken: 'my-session-token-uuid',
  dataDir: '/data'
});

// Password auth (existing - still works)
await api.init({
  serverURL: 'https://actual.example.com',
  password: 'mypassword',
  dataDir: '/data'
});

TypeScript will error if both password and sessionToken are provided.

Summary by CodeRabbit

  • Refactor

    • Unified initialization config to explicitly support server, session-token, password, and local-only modes.
    • init flow now derives runtime paths and modes from the new config shapes and preserves verbose/local behavior.
  • Bug Fixes

    • Improved authentication handling: validates session tokens at startup, clears invalid tokens, and falls back to password sign-in when appropriate; clearer errors for invalid/expired tokens and offline cases.

✏️ Tip: You can customize this high-level summary in your review settings.

**Original Pull Request:** https://github.com/actualbudget/actual/pull/6540 **State:** closed **Merged:** Yes --- ## Summary - Add `sessionToken` option to `InitConfig` for direct token-based authentication - Refactor `InitConfig` to use TypeScript union types that enforce exactly one auth method - Validate session tokens on init and throw clear errors for invalid/expired tokens ## Usage ```typescript // Session token auth (new) await api.init({ serverURL: 'https://actual.example.com', sessionToken: 'my-session-token-uuid', dataDir: '/data' }); // Password auth (existing - still works) await api.init({ serverURL: 'https://actual.example.com', password: 'mypassword', dataDir: '/data' }); ``` TypeScript will error if both `password` and `sessionToken` are provided. <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Refactor** * Unified initialization config to explicitly support server, session-token, password, and local-only modes. * init flow now derives runtime paths and modes from the new config shapes and preserves verbose/local behavior. * **Bug Fixes** * Improved authentication handling: validates session tokens at startup, clears invalid tokens, and falls back to password sign-in when appropriate; clearer errors for invalid/expired tokens and offline cases. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
GiteaMirror added the pull-request label 2026-02-28 21:30:23 -06:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#6588