Add QR code login with device authorization flow

[zortos293]

This PR adds QR code login functionality to OpenNOW, allowing users to authenticate via their mobile device or by entering a short code. It implements the OAuth 2.0 device authorization flow using NVIDIA's Steam Deck client profile, which is the only profile that supports the device flow endpoint.

Auth service changes:

• Added startDeviceLogin and pollDeviceLogin methods to AuthService for device authorization flow
• Implemented requestDeviceAuthorization to obtain device code and verification URLs
• Implemented exchangeDeviceCode to poll NVIDIA servers until user completes login on mobile
• Added buildAuthHeadersForClient to support multiple client profiles (Desktop vs Steam Deck)
• Added authClientId to AuthTokens to track which client ID was used for login
• Updated token refresh flows to preserve and use the correct auth client ID

IPC and preload contracts:

• Added AUTH_DEVICE_LOGIN_START and AUTH_DEVICE_LOGIN_POLL IPC channels
• Added startDeviceLogin and pollDeviceLogin to OpenNowApi in preload
• Registered IPC handlers in accountCatalogHandlers

UI and renderer changes:

• Added QR code generation using qrcode library in LoginScreen
• Added QR code display panel with verification QR, user code, and instructions
• Added secondary 'Sign in with QR code' button alongside existing 'Sign In' button
• Implemented polling logic in App.tsx with retry interval handling (slow_down response)
• Added cancel button to abort QR login attempts
• Enhanced CSS for QR panel layout, code display, and button styling

Localization:

• Added English translations for QR login UI elements including title, description, and button labels

Screenshot:

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e9518aa799

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Avoid saving QR sessions after cancellation

When the user clicks Cancel while a pollDeviceLogin IPC call is already in flight, the renderer only increments qrLoginAttemptRef and ignores the eventual response, but this branch has already exchanged the code and persisted/activated the session in main. In the case where the user approved on NVIDIA and then cancels before this request returns, Cancel leaves the login screen unauthenticated while credentials are still saved as the active account; the poll needs a server-side attempt/cancel check or should avoid committing auth state until the renderer confirms the attempt is still active.

Useful? React with 👍 / 👎.

[capy-ai]

Added 1 comment

[capy-ai]

Added 2 comments

[capy-ai]

Added 2 comments