fix: open browser and copy code for github copilot device oauth flow

[sheikhlimon]

Summary

Relates to #6957

This PR updates GitHub Copilot's OAuth device code flow to show the code in the UI instead of silently copying it to the clipboard, addressing the UX concern raised in the PR review.

Changes:

• Added DeviceCodeModal component with code display and auto-polling for completion
• Added discriminated union response types to the OAuth endpoint to keep it compatible with other providers
• Added /config/providers/{name}/oauth/completion endpoint for non-blocking completion checks
• Updated backend to return device code info immediately and poll for completion
• Removed arboard dependency (no longer silently copying to clipboard)

Type of Change

• Feature
• Bug fix
• Refactor / Code quality
• Performance improvement
• Documentation
• Tests
• Security fix
• Build / Release
• Other (specify below)

AI Assistance

• This PR was created or reviewed with AI assistance

Testing

• Added 3 serialization tests for DeviceCodeData struct

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d4209eb8fd

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Handle clipboard write failures in Copilot device login

This logic only falls back when Clipboard::new() fails, but if clipboard initialization succeeds and set_text fails (e.g., Wayland/X11 clipboard permission/runtime issues), no fallback path exposes the device code except println!, which is not visible in the desktop flow this change is trying to fix. In that case users can still get stuck at sign-in because they have a browser window but no code to enter.

Useful? React with 👍 / 👎.

[jamadeo]

This is a clever way around the issue, but I'm not sure I'd want goose writing directly to my clipboard.

What would it take to properly show the code in the desktop UI?

[sheikhlimon]

This is a clever way around the issue, but I'm not sure I'd want goose writing directly to my clipboard.

What would it take to properly show the code in the desktop UI?

From what I understand, this might involve two changes:

1. Updating the /config/providers/{provider}/oauth flow to return the device code so the desktop UI can render it.
2. Adding a UI element to display the code with an explicit copy option.

That way the clipboard write could be removed, since the user would be able to copy it themselves.

Let me know if that sounds roughly like the direction you had in mind.

[jamadeo]

@sheikhlimon yes that sounds exactly right! For the oauth handler, however we change it will still need to be compatible with the other providers using it, but this is definitely the way to go.

[sheikhlimon]

@jamadeo I tried implementing the approach we discussed and got close, but I’m running into some limitations and can’t get the final flow to work reliably.

I don’t think I’ll be able to complete this PR properly, so it’s probably best to close it rather than leave it half-working. Happy for someone else to pick it up if needed.

Also, #8019 covers what I initially aimed for and does a better job in terms of UX.