OAuth credential sync and app integration enhancements #8
…11059)

* Add credential sync .env variables
* Add webhook to send app credentials
* Upsert credentials when webhook called
* Refresh oauth token from a specific endpoint
* Pass appSlug
* Add credential encryption
* Move oauth helpers into a folder
* Create parse token response wrapper
* Add OAuth helpers to apps
* Clean up
* Refactor `appDirName` to `appSlug`
* Address feedback
* Change to safe parse
* Remove console.log

---------

Co-authored-by: Syed Ali Shahbaz <52925846+alishaz-polymath@users.noreply.github.com>
Co-authored-by: Omar López <zomars@me.com>
Hey there and thank you for opening this pull request! 👋🏼 We require pull request titles to follow the Conventional Commits specification and it looks like your proposed title needs to be adjusted. Details:
cursor review
| if (!refreshTokenResponse.data.refresh_token) { | ||
| refreshTokenResponse.data.refresh_token = "refresh_token"; | ||
| } |
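Review bot: writing the literal string "refresh_token" into `refreshTokenResponse.data.refresh_token` when the field is absent replaces a legitimately missing value with a sentinel that downstream code cannot distinguish from a real token. Many OAuth providers omit `refresh_token` from a refresh response by design (it is only issued at initial authorization), so the correct handling is to leave the field unset here and have the caller keep the previously stored refresh token, for example `refresh_token: response.refresh_token ?? existingCredential.refresh_token`, rather than mutating the parsed response in place.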
Bug: OAuth Token Refresh Fails on Missing Token
The parseRefreshTokenResponse function incorrectly sets refresh_token to the hardcoded string "refresh_token" when it's missing from the OAuth refresh token response. This invalidates the token, breaking subsequent token refreshes and causing authentication failures. The function should instead preserve the existing token or handle the missing token case appropriately.
| }), | ||
| }); | ||
| if (response.statusText !== "OK") throw new HttpError({ statusCode: 400, message: response.statusText }); |
Bug: Token Refresh Overuse and Response Check Flaw
The SalesforceCalendarService's getClient method now unconditionally performs a token refresh API call, leading to unnecessary API calls, potential rate limiting, and performance degradation. Additionally, the HTTP response success check response.statusText !== "OK" is unreliable as statusText is not standardized and can vary; !response.ok or response.status should be used instead.
| googleCredentials.access_token = token.access_token; | ||
| googleCredentials.expiry_date = token.expiry_date; | ||
| const key = googleCredentialSchema.parse(googleCredentials); | ||
| const key = parseRefreshTokenResponse(googleCredentials, googleCredentialSchema); |
Bug: Credential Storage Error
The parseRefreshTokenResponse function returns a Zod SafeParseReturnType object. The code incorrectly uses this entire object as the credential key when updating the database, instead of accessing the parsed data via key.data. This results in an invalid data structure being stored in the database.
| if (!clientId) return res.status(400).json({ message: "Zoho Bigin client_id missing." }); | ||
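Review bot: a missing `clientId` here is a server-side configuration problem (the app keys were never set), not a malformed client request, so responding with `res.status(400)` misreports the failure class to callers and to monitoring. Prefer a 5xx (e.g. 500) with a generic message and log the specific "Zoho Bigin client_id missing." detail server-side, so the public error does not reveal which integration secrets are unconfigured.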
| const redirectUri = WEBAPP_URL + `/api/integrations/${appConfig.slug}/callback`; | ||
| const redirectUri = WEBAPP_URL + `/api/integrations/zoho-bigin/callback`; |
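Review bot: replacing `${appConfig.slug}` with the hardcoded `zoho-bigin` segment in `redirectUri` undoes the single-source-of-truth the rest of this PR introduces with `appSlug`, and the redirect URI must match the value registered with the OAuth provider byte-for-byte, so any later rename of the slug silently breaks the callback. Keep the URI derived from the app's slug (or the `appSlug` passed into these helpers) and, if a literal is required, add a comment explaining why it must not be changed.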
This PR is being marked as stale due to inactivity.