E2E tests for OAuth token refresh #774
✨ No issues found! Your code is sparkling clean! ✨ 🗒️ View all ignored comments in this repo
Greptile Summary
This PR implements comprehensive end-to-end testing infrastructure for OAuth token refresh functionality. The changes span multiple components:
- Enhanced the mock OAuth provider to better simulate real provider behavior by:
  - Adding 'offline_access' scope support
  - Implementing actual token validation instead of always returning true
  - Adding proper refresh token handling
- Modified the base OAuth provider to always request consent screens via `prompt: "consent"` parameter, ensuring consistent refresh token behavior across providers
- Added a development environment flag `STACK_ALLOW_SHARED_OAUTH_ACCESS_TOKENS` to support testing scenarios
- Improved error handling and validation in the connected accounts token CRUD operations
- Implemented a mock OAuth server with token revocation capabilities and in-memory token storage for testing

The changes collectively enable thorough testing of OAuth token lifecycle management, including refresh flows and revocation scenarios.
Confidence score: 4/5
- This PR is reasonably safe to merge with proper testing
- Score of 4 because while the changes are well-structured and focused on testing infrastructure, the shared OAuth tokens feature could potentially impact production behavior if not properly isolated
- Files needing attention:
  - apps/backend/.env.development - Ensure the new environment variable is properly documented
  - apps/backend/src/oauth/providers/base.tsx - Verify the consent prompt doesn't affect production flows unintentionally
6 files reviewed, 4 comments
.../backend/src/app/api/latest/connected-accounts/[user_id]/[provider_id]/access-token/crud.tsx
apps/e2e/tests/backend/endpoints/api/v1/connected-accounts.test.ts
…provider_id]/access-token/crud.tsx Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
…t.ts Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: Konsti Wohlwend <n2d4xc@gmail.com>
…ack into oauth-refresh-e2e
Some new issue(s) might be present. Please use the following link(s) to view them: https://zeropath.com/app/issues/cfb0967e-d6d5-4918-af9e-9a6d36d2e7ea Reply to this PR with |
Some new issue(s) might be present. Please use the following link(s) to view them: https://zeropath.com/app/issues/b603df41-9420-414d-a76e-432176103444 Reply to this PR with |
Important
Add E2E tests for OAuth token refresh, update OAuth provider for consent prompt, and enhance mock server with token revocation.
- `connected-accounts.test.ts` to verify access token usage, refresh on revocation, and re-authorization prompt on refresh token revocation.
- `prompt: "consent"` to `getAuthorizationUrl()` in `base.tsx`.
- `MockProvider` in `mock.tsx` to include `offline_access` in `baseScope`.
- `index.ts` for access and refresh tokens.
- `index.ts`.

This description was created by for abc2ea3. You can customize this summary. It will automatically update as commits are pushed.
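
The token lifecycle the tests described above cover (access token reuse, refresh after access token revocation, re-authorization after refresh token revocation), as an added TypeScript sketch that is not code from this PR or from the project. `MockOAuthServer`, `getAccessToken` and `runScenarios` are hypothetical names, and the token strings are constructed.

```typescript
// Added example with hypothetical names; not the project's mock server or API.
type TokenSet = { accessToken: string; refreshToken: string };
type Outcome = "reused" | "refreshed" | "reauthorize";
// In-memory stand-in for a mock OAuth provider that supports revocation.
class MockOAuthServer {
  private access = new Set<string>();
  private refresh = new Set<string>();
  private counter = 0;
  // A grant that includes offline_access yields an access and a refresh token.
  authorize(): TokenSet {
    const tokens = { accessToken: `at-${++this.counter}`, refreshToken: `rt-${++this.counter}` };
    this.access.add(tokens.accessToken);
    this.refresh.add(tokens.refreshToken);
    return tokens;
  }
  // Real validation: unknown or revoked access tokens are rejected.
  isAccessTokenValid(token: string): boolean { return this.access.has(token); }
  revoke(token: string): void { this.access.delete(token); this.refresh.delete(token); }
  // Refresh grant: a new access token, or null when the refresh token was revoked.
  refreshAccessToken(refreshToken: string): string | null {
    if (!this.refresh.has(refreshToken)) return null;
    const token = `at-${++this.counter}`;
    this.access.add(token);
    return token;
  }
}

// Logic under test: reuse a valid token, refresh a revoked one, and demand
// re-authorization once the refresh token has been revoked as well.
function getAccessToken(server: MockOAuthServer, stored: TokenSet): Outcome {
  if (server.isAccessTokenValid(stored.accessToken)) return "reused";
  const fresh = server.refreshAccessToken(stored.refreshToken);
  if (fresh === null) return "reauthorize";
  stored.accessToken = fresh; // persist the replacement token
  return "refreshed";
}

// The three scenarios in order, against one constructed connected account.
function runScenarios(): Outcome[] {
  const server = new MockOAuthServer();
  const stored = server.authorize();
  const outcomes: Outcome[] = [getAccessToken(server, stored)];
  server.revoke(stored.accessToken);
  outcomes.push(getAccessToken(server, stored));
  server.revoke(stored.accessToken);
  server.revoke(stored.refreshToken);
  outcomes.push(getAccessToken(server, stored));
  return outcomes;
}
```

A mock whose validation always returns true would report `reused` in all three steps, which is why the revocation-aware validation matters for these tests.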