Merged
Pull Request Overview
This PR migrates from supertokens-auth-react to supertokens-web-js, reimplementing authentication with a custom session management system and refactoring the Google OAuth flow.
Key Changes:
- Migrated to `supertokens-web-js` v0.16.0, removing the React-specific auth library
- Implemented custom Session class with RxJS-based event handling for session state management
- Refactored authentication flow to use SuperTokens ThirdParty recipe with direct Google OAuth integration
- Extracted user metadata management into a dedicated service and added skipOnboarding support
Reviewed Changes
Copilot reviewed 71 out of 72 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| yarn.lock | Upgraded supertokens-web-js to v0.16.0, removed supertokens-auth-react and related unused dependencies |
| packages/web/src/common/classes/Session.ts | New Session wrapper class providing event-based session management with RxJS observables |
| packages/web/src/auth/SessionProvider.tsx | New SessionProvider for managing authentication state across the app |
| packages/web/src/common/hooks/useGoogleAuth.ts | Centralized Google OAuth logic for reuse across onboarding and login flows |
| packages/web/src/views/Onboarding/OnboardingFlow.tsx | Updated onboarding to support skipOnboarding metadata and improved flow control |
| packages/backend/src/common/middleware/supertokens.middleware.ts | Configured ThirdParty recipe with Google OAuth and implemented signup/signin logic |
| packages/backend/src/user/services/user-metadata.service.ts | Extracted user metadata operations into dedicated service |
| packages/backend/src/auth/services/compass.auth.service.ts | Implemented separate googleSignup and googleSignin methods with user ID mapping |
| packages/backend/src/priority/services/priority.service.ts | Refactored to use bulk upsert operations and support MongoDB sessions |
| packages/web/src/socket/SocketProvider.tsx | Updated WebSocket handling to work with new session management |
Pull Request Overview
Copilot reviewed 75 out of 76 changed files in this pull request and generated 7 comments.
Comments suppressed due to low confidence (1)
packages/backend/src/auth/services/google.auth.service.ts:141
- [nitpick] Method renamed from `getAccessToken` to `refreshAccessToken`, but the error message still says 'Google auth access token not returned'. Consider updating to 'Failed to refresh Google auth access token'.

```ts
async refreshAccessToken() {
  const { token } = await this.oauthClient.getAccessToken();
  if (!StringV4Schema.safeParse(token).success) {
    throw error(
      AuthError.NoGAuthAccessToken,
      "Google auth access token not returned",
    );
  }
```
e38c9bc to 3f3b21f
Pull Request Overview
Copilot reviewed 69 out of 70 changed files in this pull request and generated 11 comments.
Comments suppressed due to low confidence (1)
packages/backend/src/auth/services/google.auth.service.ts:142
- The method name changed from `getAccessToken` to `refreshAccessToken`, but the implementation only calls `getAccessToken()`. This is misleading. If the intent is to refresh the token, the implementation should be updated, or the method should be renamed back.

```ts
async refreshAccessToken() {
  const { token } = await this.oauthClient.getAccessToken();
  if (!StringV4Schema.safeParse(token).success) {
    throw error(
      AuthError.NoGAuthAccessToken,
      "Google auth access token not returned",
    );
  }
```
17c774b to 7ef2e0d
- Add Session class to manage session-related functionalities using SuperTokens.
- Create useSession hook to handle session state and authentication checks.
- Introduce useGoogleAuth hook for Google login flow and integration with signup completion.
- Update GoogleButton component to make onClick optional.
- Refactor MobileSignIn and SignInWithGoogle components to utilize new hooks.
- Remove deprecated LoginView component and its associated tests.
- Adjust Tooltip styles for improved theme compatibility.
- Clean up socket connection handling in SocketProvider.
- Remove unused imports and code related to previous authentication methods.
- Update tests to reflect changes in authentication flow and session management.

- Updated user driver to use TokenPayload from google-auth-library.
- Renamed signInWithSuperTokens to googleSignup and loginWithSuperTokens to googleSignin in CompassAuthService.
- Refactored GoogleAuthService to refresh access token and handle errors more effectively.
- Changed error status for NoGAuthAccessToken to UNAUTHORIZED.
- Removed unused sync routes and methods related to stopping watches.
- Implemented UserController for fetching and updating user metadata.
- Created UserRoutes for user metadata endpoints.
- Removed USER_SIGN_OUT and USER_REFRESH_TOKEN constants from websocket.
- Updated WebSocketServer to handle user metadata instead of refresh tokens.
- Added skipOnboarding flag to UserMetadata and implemented logic to manage onboarding status.
- Refactored onboarding flow to skip welcome screens based on signup completion.
- Created UserApi for fetching and updating user metadata.
- Updated ProtectedRoute to handle session expiration more gracefully.
- Enhanced session management in SessionProvider.
- Cleaned up unused imports and optimized code structure across various components.
… handling; update onboarding status logic
…ce SignInWithGoogle tests with API mocks
…nProvider fix: enhance socket connection error logging in SocketProvider
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…CompassAuthService
stopwatches if no active session on signout
…ket server reference
…existence and simplify session initialization
…ity into priority service
test: add comprehensive tests for priority service methods
refactor: streamline priority creation logic with bulk upsert in priority service
fix: update websocket server to use user metadata service instead of user service
test: update sync controller tests to utilize user metadata service
refactor: enhance sync service with incremental Google Calendar sync logic
refactor: migrate user service methods to user metadata service for better separation of concerns
chore: remove unused user service methods related to Google refresh token
test: add tests for user metadata service to ensure correct functionality
feat: implement user ID to supertoken ID mapping seeder for user migration
…igation based on onboarding status
adb7b78 to 990a0df
tyler-dane pushed a commit that referenced this pull request Nov 15, 2025
What does this PR do?
This PR re-implements the SuperTokens auth.
Use Case
closes #1227
clean up for #1228