fix: reauth stale GitHub OAuth tokens#10602
fix: reauth stale GitHub OAuth tokens#10602s-zaizen wants to merge 1 commit intowarpdotdev:masterfrom
Conversation
github-actions
Bot
added
the
external-contributor
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This PR adds client-side handling to route stale GitHub OAuth token failures through a fresh GitHub auth transaction.
Concerns
- The new
UserFacingErrorunion variant is converted to a generic error after stale-token detection, so auth-related user-facing failures can still bypass the reauth flow.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
Treat userGithubInfo failures from stale or invalid GitHub OAuth credentials as an auth-required state, and request a fresh GitHub integration auth transaction before falling back to the generic connect URL.
s-zaizen
force-pushed
the
s-zaizen/gh10053-refresh-github-auth
branch
from
ee431d3 to
a998edb
Compare
|
/oz-review |
|
I'm re-reviewing this pull request in response to a review request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
There was a problem hiding this comment.
Overview
This PR routes stale GitHub OAuth-token failures from userGithubInfo into a fresh GitHub authorization flow and updates the environment form to surface auth-required results.
Concerns
- The refresh heuristic currently treats any missing
UserGithubInforesponse data as a stale GitHub credential, which can misroute unrelated GraphQL/backend failures into GitHub OAuth instead of showing an error.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
| fn should_refresh_github_auth_for_user_github_info_message(message: &str) -> bool { | ||
| let message = message.to_ascii_lowercase(); | ||
| let missing_user_github_info_data = | ||
| message.contains("missing response data") && message.contains("usergithubinfo"); |
There was a problem hiding this comment.
UserGithubInfo, including unrelated server/query errors like rate limits or internal failures, and sends users through GitHub OAuth. Require an auth-specific error term here before returning true so non-token failures remain visible as load errors.
1 participant
Description
Handles stale or invalid GitHub OAuth tokens when loading GitHub repo info. If
userGithubInfofails in the stale-token path, Warp now routes the user back through GitHub auth by requesting a fresh GitHub integration auth transaction, with a fallback to the generic GitHub connect URL.Linked Issue
Closes #10053
ready-to-specorready-to-implement.Testing
cargo fmtcargo test -p warp server::server_api::integrations::tests --libcargo test -p warp settings_view::update_environment_form::tests::test_render_repos_field_auth_required --libcargo test -p warp settings_view::update_environment_form::tests::test_render_repos_field_error_state --libcargo clippy -p warp --lib --tests -- -D warningsI have manually tested my changes locally with
./script/runAgent Mode
Changelog Entries for Stable
CHANGELOG-BUG-FIX: Fixed GitHub reauthorization when a stored OAuth token is stale or revoked.