Claude/implement zotero login#9
Merged
oyvindbso merged 6 commits intoOct 28, 2025
Merged
Conversation
Added OAuth login functionality to allow users to authenticate with Zotero using their username and password instead of manually entering API keys. Changes: - Added OAuth libraries (signpost) to build.gradle - Created ZoteroOAuthConfig for OAuth credentials configuration - Implemented OAuthLoginActivity with full OAuth 1.0a flow: * Request temporary credentials * User authorization via WebView * Token exchange for access credentials * Automatic user info retrieval - Updated SettingsActivity with "Login with Zotero" button - Added OAuth callback intent filter to AndroidManifest - Created comprehensive setup documentation (OAUTH_SETUP.md) - Updated README with OAuth login information The app now supports two authentication methods: 1. OAuth login (recommended) - Easy one-click login 2. Manual API key entry - For advanced users Users can register their OAuth app at https://www.zotero.org/oauth/apps and configure credentials in ZoteroOAuthConfig.java 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Changed OAuth credential management to use environment variables instead
of hardcoded values, making it safe for public repositories and compatible
with CI/CD systems like Bitrise.
Changes:
- Modified app/build.gradle to read OAuth credentials from environment variables
* ZOTERO_OAUTH_CLIENT_KEY
* ZOTERO_OAUTH_CLIENT_SECRET
- Added buildFeatures { buildConfig = true } to enable BuildConfig generation
- Updated ZoteroOAuthConfig.java to reference BuildConfig values
- Created BITRISE_SETUP.md with quick setup guide for Bitrise secrets
- Updated OAUTH_SETUP.md with detailed instructions for:
* Bitrise CI/CD configuration
* Local development setup
* Environment variable troubleshooting
Benefits:
✅ Credentials never appear in source code or git history
✅ Safe for public GitHub repositories
✅ Works seamlessly with Bitrise secrets
✅ Fallback to placeholder values for builds without credentials
✅ Different credentials can be used per environment
Setup Instructions:
1. Register OAuth app at https://www.zotero.org/oauth/apps
2. Add secrets to Bitrise (Workflow → Secrets):
- ZOTERO_OAUTH_CLIENT_KEY
- ZOTERO_OAUTH_CLIENT_SECRET
3. Build automatically injects credentials via BuildConfig
See BITRISE_SETUP.md for complete configuration guide.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
Fixed multiple issues causing the app to crash when users attempted to login via OAuth: Bug Fixes: 1. **Missing toolbar setup** - Added setSupportActionBar() to properly initialize MaterialToolbar 2. **Wrong authorization header** - Changed from "Authorization: Bearer" to "Zotero-API-Key" header (Zotero's correct format) 3. **Potential null pointer crashes** - Added comprehensive null checks for: - Access token before substring operation - OAuth verifier validation - Error stream handling - JSON parsing edge cases 4. **Thread safety** - Replaced mainHandler.post() with runOnUiThread() for better reliability 5. **WebView configuration** - Enhanced WebView setup with: - DOM storage enabled - Mixed content mode for compatibility - Better error handling - Proper cleanup in onDestroy() 6. **Better error messages** - Added detailed logging and user-friendly error messages 7. **Connection timeouts** - Added 15-second timeouts for network requests Additional Improvements: - Added back button support in toolbar - Enhanced JSON parsing with bounds checking - Improved error stream handling with null checks - Added try-catch blocks around critical operations - Better logging throughout the OAuth flow for debugging The OAuth login should now work reliably without crashes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Added network security configuration and comprehensive error handling to diagnose and prevent OAuth login crashes. Changes: 1. **Network Security Configuration** - Added android:usesCleartextTraffic="true" to AndroidManifest - Created network_security_config.xml with proper security settings - Allows cleartext traffic while enforcing HTTPS for Zotero domains - Trusts both system and user certificates 2. **Comprehensive Crash Protection** - Wrapped onCreate() in try-catch block to prevent app crashes - Added detailed error messages showing exactly what went wrong - Now shows user-friendly error dialogs instead of silent crashes - Added null checks for all UI components before accessing them 3. **Enhanced Debugging** - Log BuildConfig values to verify OAuth credentials are loaded - Show first 10 characters of client key in error messages - Detailed stack traces logged to Logcat - Special handling for BuildConfig-related errors 4. **Better Error Messages** - Shows specific error class and message to user - Provides instructions for fixing configuration issues - References BITRISE_SETUP.md documentation - Displays in both Toast and status TextView Benefits: ✅ App won't crash silently anymore ✅ Users will see exactly what the error is ✅ Easier to diagnose configuration issues ✅ Network requests work properly on all Android versions ✅ Detailed logs for debugging Next Steps: After building with Bitrise, if the app still shows an error message, please share that error message - it will tell us exactly what's wrong. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixed InflateException caused by Material 3 color attributes that aren't available in all Android versions. Problem: - Line 32 used "?attr/colorSurfaceVariant" (Material 3) - Line 6 used "?attr/colorSurface" (Material 3) - Line 13 used "?attr/colorPrimary" (could be undefined) - These attributes caused "Error inflating class <unknown>" Solution: - Replaced colorSurfaceVariant with @android:color/white - Replaced colorSurface with #FAFAFA (light gray) - Replaced colorPrimary with #1976D2 (blue) - Replaced colorOnSurface with @android:color/black - Added explicit Toolbar style All colors now use standard Android resources that work on all API levels. The OAuth login screen should now load without crashes. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
Fixed crash caused by trying to set a custom toolbar when the activity theme already provides an action bar. Problem: - OAuthLoginActivity called setSupportActionBar(toolbar) - The activity inherited Theme.ZotShelf which has DarkActionBar - Android threw IllegalStateException: "This Activity already has an action bar supplied by the window decor" Solution: 1. Created Theme.ZotShelf.NoActionBar style in themes.xml - Sets windowActionBar to false - Sets windowNoTitle to true 2. Applied this theme to OAuthLoginActivity in AndroidManifest.xml This allows the activity to use a custom MaterialToolbar without conflicting with the default action bar. The OAuth login should now load successfully without the action bar error. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.