Expand description
Tempo wallet device-code authorization flow.
Implements the CLI side of the tempoxyz/accounts cli-auth device-code
protocol: generates a local secp256k1 access key, creates a PKCE-protected
device code, opens wallet.tempo.xyz/cli-auth?code=<CODE> in the browser,
polls until the user authorizes the key on their passkey wallet, and writes
the resulting keyAuthorization to ~/.tempo/wallet/keys.toml.
Structs§
- Access
KeyOutcome - Result of
ensure_access_key. - Create
Code πRequest - Create
Code πResponse - Ensure
Access KeyConfig - Configuration for
ensure_access_key. - Poll
Request π
Enums§
- Poll
Response π - Matches
tempoxyz/walletpoll response shape.
Constants§
- DEFAULT_
CLI_ πAUTH_ URL - Default device-code service URL (production wallet.tempo.xyz).
- DEFAULT_
POLL_ πINTERVAL - DEFAULT_
TIMEOUT π - TEMPO_
CLI_ πAUTH_ URL_ ENV - Env var to override the device-code service URL (for tests / staging).
Statics§
- AUTH_
LOCK π - Per-process serialization of concurrent
ensure_access_keycalls.
Functions§
- create_
code_ πwith_ retry - POST
/codewith exponential backoff on transient errors, bounded bytimeout. - ensure_
access_ key - Run the device-code flow, persist the resulting key to
keys.toml, and return the new entryβs identifying fields. - is_
known_ πtempo_ endpoint - Returns
trueifurlβs host istempo.xyzor a subdomain of it. - is_
transient_ πerror - is_
transient_ πstatus - open_
browser π - Open
urlvia the OS default browser handler. On platforms without a known opener, this is a no-op (the URL is still printed byensure_access_key). - random_
code_ πverifier - serialize_
u64_ πhex - sha256_
b64url π