fix: reauth stale GitHub OAuth tokens#10602
Conversation
github-actions
Bot
added
the
external-contributor
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This PR adds client-side handling to route stale GitHub OAuth token failures through a fresh GitHub auth transaction.
Concerns
- The new
UserFacingErrorunion variant is converted to a generic error after stale-token detection, so auth-related user-facing failures can still bypass the reauth flow.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
Treat userGithubInfo failures from stale or invalid GitHub OAuth credentials as an auth-required state, and request a fresh GitHub integration auth transaction before falling back to the generic connect URL.
s-zaizen
force-pushed
the
s-zaizen/gh10053-refresh-github-auth
branch
from
ee431d3 to
a998edb
Compare
|
/oz-review |
|
I'm re-reviewing this pull request in response to a review request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
There was a problem hiding this comment.
Overview
This PR routes stale GitHub OAuth-token failures from userGithubInfo into a fresh GitHub authorization flow and updates the environment form to surface auth-required results.
Concerns
- The refresh heuristic currently treats any missing
UserGithubInforesponse data as a stale GitHub credential, which can misroute unrelated GraphQL/backend failures into GitHub OAuth instead of showing an error.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
|
/oz-review |
|
I'm re-reviewing this pull request in response to a review request. You can view the conversation on Warp. I reviewed this pull request and requested human review from: Comment Powered by Oz |
oz-for-oss
Bot
dismissed stale reviews from themself
Oz no longer requests changes for this pull request after the latest automated review.
There was a problem hiding this comment.
Overview
This PR routes stale or invalid GitHub OAuth-token failures from userGithubInfo into a fresh GitHub auth flow, adds the UserFacingError union handling needed by the client query, and updates the environment-form UI/tests for the auth-required state.
Concerns
- No blocking correctness or security concerns found.
- One UI resilience suggestion is inline.
Verdict
Found: 0 critical, 0 important, 1 suggestions
Approve with nits
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
Co-authored-by: oz-for-oss[bot] <277970191+oz-for-oss[bot]@users.noreply.github.com>
1 participant
Description
Handles stale or invalid GitHub OAuth tokens when loading GitHub repo info. If
userGithubInfofails in the stale-token path, Warp now routes the user back through GitHub auth by requesting a fresh GitHub integration auth transaction, with a fallback to the generic GitHub connect URL.Linked Issue
Closes #10053
ready-to-specorready-to-implement.Testing
cargo fmtcargo test -p warp server::server_api::integrations::tests --libcargo test -p warp settings_view::update_environment_form::tests::test_render_repos_field_auth_required --libcargo test -p warp settings_view::update_environment_form::tests::test_render_repos_field_error_state --libcargo clippy -p warp --lib --tests -- -D warningsI have manually tested my changes locally with
./script/runAgent Mode
Changelog Entries for Stable
CHANGELOG-BUG-FIX: Fixed GitHub reauthorization when a stored OAuth token is stale or revoked.