Skip to content

Tray ↔ Web Auth + Multi-Machine Sync #115

Open
Open
Tray ↔ Web Auth + Multi-Machine Sync#115
Labels
channel/alphaTargets the alpha release channel (early testing)channel/betaTargets the beta release channel (pre-release, opted-in users)channel/liveTargets the live release channel (stable, end-user-facing)channel/rcTargets the rc (release candidate) channel — final stabilization before livesurface/tray-whats-newsurface/web-roadmap
@ntatschner

Description

@ntatschner
ntatschner
opened on May 27, 2026

Problem

The tray and web companion currently authenticate independently, and there is no first-class concept of "the same user on two machines". A user who runs the tray on a desktop and a laptop has no pairing flow; concurrent captures from two machines can also produce duplicate events server-side.

Approach

Device-code OIDC flow for pairing the tray to the web companion. The web side initiates pairing; the tray surfaces a one-time device code; the user confirms on the trusted device. Each paired device is independently revocable from Settings.

Server-side dedup of overlapping captures when the same user runs the tray on two machines simultaneously — the canonical event-id derivation must collapse duplicates rather than store both.

Acceptance criteria

  • Device-code pairing flow works tray → web → confirm
  • Per-device revocation in Settings (each device shows last-seen + revoke action)
  • Concurrent-capture dedup verified by an integration test (two trays, same user, same window)
  • Revoked devices stop accepting new pushes within one heartbeat cycle
  • Pairing audit-logged via the existing audit_log chain

Risks / Open questions

  • Device-code UX: tray must surface the code prominently without leaking it to logs/screenshots
  • Dedup key choice — collision risk if two captures of the same event have slightly different timestamps
  • Revocation race — what happens to an in-flight push from a device revoked mid-batch? (likely needs server-side rejection with clear status code)
  • Pairing flow needs to handle the case where the user has zero web-side devices yet (chicken-and-egg)
Original draft notes

Device-code OIDC for tray ↔ web pairing. Per-device revocation in Settings. Server-side dedup of overlapping captures when the same user runs the tray on two machines simultaneously.

Tracking

Metadata

Metadata

Assignees

No one assigned

    Labels

    channel/alphaTargets the alpha release channel (early testing)channel/betaTargets the beta release channel (pre-release, opted-in users)channel/liveTargets the live release channel (stable, end-user-facing)channel/rcTargets the rc (release candidate) channel — final stabilization before livesurface/tray-whats-newsurface/web-roadmap

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions