From f6531d29f035733552d28f22e4c9fcb5d6affbfb Mon Sep 17 00:00:00 2001 From: Nariman Jelveh Date: Sat, 7 Feb 2026 17:58:24 -0800 Subject: [PATCH] Send app token to opener and close popup After a successful flow, fetch the user app token for the opener origin, cache the returned app_uid on window.host_app_uid, and post a 'puter.token' message to the opener containing success, msg_id, token, username, and app_uid. If the action is absent or equals 'sign-in', close the popup window. This enables parent windows to receive credentials in popup/embedded auth flows. --- src/gui/src/initgui.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/src/gui/src/initgui.js b/src/gui/src/initgui.js index c02785ea9..6d6c81aa8 100644 --- a/src/gui/src/initgui.js +++ b/src/gui/src/initgui.js @@ -1130,6 +1130,28 @@ window.initgui = async function (options) { cover_page: window.is_embedded || window.is_fullpage_mode, }, }); + + (async () => { + let msg_id = window.url_query_params.get('msg_id'); + let data = await window.getUserAppToken(new URL(window.openerOrigin).origin); + // This is an implicit app and the app_uid is sent back from the server + // we cache it here so that we can use it later + window.host_app_uid = data.app_uid; + // send token to parent + window.opener.postMessage({ + msg: 'puter.token', + success: true, + msg_id: msg_id, + token: data.token, + username: window.user.username, + app_uid: data.app_uid, + }, window.openerOrigin); + // close popup + if ( !action || action === 'sign-in' ) { + window.close(); + window.open('', '_self').close(); + } + })(); } else { UIAlert({ message: err_obj.message ?? 'There was an error creating your account. Please try again.',