
fix(auth): correct OAuth token refresh #34

Merged
naheel0 merged 6 commits into main from oauth-integration-fixes on Apr 3, 2026

naheel0 commented Apr 3, 2026

This pull request completes the integration of the GitQuest frontend with the backend, replacing all mock data with real data from the backend and GitHub APIs. It introduces robust authentication via GitHub OAuth, improves error handling and loading states, and updates both backend and frontend API contracts to support real-time data flow. The most important changes are grouped below:

Frontend Integration and UI Improvements:

  • The Discover Issues component (discover-issues.tsx) now fetches 30 real GitHub issues from the backend, replaces all mock data, adds loading spinners and error states, and displays real repository, XP, and issue details. Issue cards are updated to use real API fields and include a "View Issue" button. [1] [2] [3] [4] [5] [6] [7]
  • A new documentation file, FRONTEND_BACKEND_INTEGRATION_COMPLETE.md, summarizes the completed integration, lists all working endpoints, and provides next steps for production.

Backend API and Authentication Enhancements:

  • The AuthController now supports the full GitHub OAuth flow, including endpoints for OAuth initiation (GET /api/auth/github), callback handling (GET /api/auth/github-callback), and direct login via code (POST /api/auth/github). The API contract is updated to accept a typed request object. [1] [2]
  • The backend project is configured to use .NET user secrets for secure storage of sensitive credentials.
  • The GitHub OAuth token exchange now requires a non-null redirect URI, improving reliability.

API and Endpoint Updates:

  • The user profile endpoint is standardized to GET /api/users/{username} (was /profile/{username}) to match frontend expectations.

Configuration and Security:

  • appsettings.json is updated with a secure JWT key, a real GitHub Client ID, and expanded CORS origins to allow both localhost and 127.0.0.1.

These changes ensure the GitQuest application now provides a seamless, real-data experience across authentication, issues discovery, leaderboard, and user profiles.

Summary by CodeRabbit

Release Notes

  • New Features

    • Real GitHub issues now dynamically load in the discovery section
    • Live leaderboard tracks actual player rankings, streaks, and experience
    • Secure user authentication with GitHub OAuth sign in/sign out
    • User profiles display real contributor data and experience progression
  • Documentation

    • Expanded README with comprehensive setup instructions and feature overview

naheel0 added 3 commits April 2, 2026 15:38
- Replace all mock data with real backend API calls
- Update discover page to load 30 real GitHub issues
- Transform leaderboard to display real user data from database
- Fix GitHub OAuth configuration and security:
  - Move client secret to user secrets (secure)
  - Fix callback URL configuration
  - Add UserSecretsId to project file
- Enhance API service layer in frontend with proper error handling
- Update authentication state management in Header component
- Configure CORS properly between frontend:3000 and backend:5198
- Add comprehensive integration documentation

All frontend components now use real data from the .NET backend instead of mock data.
- Fix frontend API call to send {code: string} instead of raw string
- Backend expects GitHubLoginRequest object with Code property
- Resolves 'auth_error=login_failed' issue during GitHub OAuth flow
- OAuth authentication should now work end-to-end
- Update README.md to reflect completed frontend-backend integration
- Add current status section showing fully operational application
- Improve setup instructions with PowerShell script and security best practices
- Add AGENTS.md comprehensive development guide for AI agents
- Include build commands, code style guidelines, error handling patterns
- Document authentication flow, API patterns, and common pitfalls
- Ready for production use with real GitHub API integration
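
The request contract described in the commit messages above (a JSON object carrying the code rather than a raw string), as an added TypeScript example that is not code from this repository. The `ApiResult<T>` shape, the helper names and the sample URL and code values are assumptions, and `credentials: "include"` assumes the JWT comes back as an HTTP-only cookie.

```typescript
// Added illustration, not code from the GitQuest repository.
// Assumed: the ApiResult<T> shape, all helper names, and the sample values.
type ApiResult<T> = { ok: true; data: T } | { ok: false; error: string };

interface GitHubLoginRequest { code: string }

// Pull the authorization code out of the URL GitHub redirects back to.
// Expects an absolute URL; new URL() throws on anything else.
function extractAuthCode(callbackUrl: string): ApiResult<string> {
  const params = new URL(callbackUrl).searchParams;
  const err = params.get("error"); // set when the user denies consent
  if (err) return { ok: false, error: `github_error:${err}` };
  const code = params.get("code");
  if (!code) return { ok: false, error: "missing_code" };
  return { ok: true, data: code };
}

// Request options for POST /api/auth/github: a JSON object, never a bare string.
function buildLoginRequest(code: string) {
  const payload: GitHubLoginRequest = { code };
  return {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    credentials: "include" as const, // browser stores and sends the auth cookie
    body: JSON.stringify(payload),
  };
}

// Boundary check mirroring a typed request object on the server:
// accept only a JSON object with a non-empty string `code`.
function parseLoginBody(raw: string): ApiResult<GitHubLoginRequest> {
  let value: unknown;
  try {
    value = JSON.parse(raw);
  } catch {
    return { ok: false, error: "invalid_json" };
  }
  if (typeof value !== "object" || value === null || Array.isArray(value)) {
    return { ok: false, error: "expected_object" }; // the old raw-string body lands here
  }
  const code = (value as Record<string, unknown>)["code"];
  if (typeof code !== "string" || code.trim() === "") {
    return { ok: false, error: "missing_code" };
  }
  return { ok: true, data: { code } };
}
```

Passing the result of `buildLoginRequest(code)` as the second argument to `fetch` sends the object form; a body of `JSON.stringify(code)` alone is rejected by `parseLoginBody` with `expected_object`.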

coderabbitai bot commented Apr 3, 2026

Walkthrough

This pull request introduces GitHub OAuth authentication flow with backend endpoints, updates API routes for user profiles and leaderboards, and replaces static mock data with live API integration throughout the frontend. It includes comprehensive developer documentation, OAuth configuration, and real-time data fetching for issue discovery, leaderboards, and user profiles.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Project Documentation: AGENTS.md, README.md | Added comprehensive AI agent development guide with architecture, build commands, code style conventions, and patterns; updated README with real data features, live GitHub OAuth integration, detailed setup instructions, and database migration guidance. |
| Backend Configuration: Backend/Backend/Backend.csproj, Backend/Backend/appsettings.json | Enabled User Secrets support; configured CORS for localhost origins, JWT key, and GitHub OAuth credentials (ClientId and CallbackUrl). |
| Backend OAuth & Route Changes: Backend/Backend/Controllers/AuthController.cs, Backend/Backend/Controllers/UsersController.cs | Added GitHub OAuth flow endpoints (GET /github, GET /github-callback, updated POST /github); refactored login to accept structured GitHubLoginRequest object; renamed user profile endpoint to GET /api/users/{username}. |
| Frontend API Integration: frontend/lib/api.ts | Added ApiResult<T> type definition; updated loginWithGitHub request payload structure; added getUserProfile and getLeaderboard API functions. |
| Frontend Dynamic Components: frontend/components/discover/discover-issues.tsx, frontend/components/header.tsx, frontend/components/leaderboard/leaderboard.tsx, frontend/components/profile/developer-profile.tsx | Replaced static mock data with dynamic useEffect-driven API calls; added authentication state management in header with sign-in/sign-out flows; implemented loading/error UI states and live data rendering across issue discovery, leaderboard sorting, and developer profiles. |

Sequence Diagram(s)

sequenceDiagram
    participant User as User/Browser
    participant Frontend as Frontend App
    participant Backend as ASP.NET Backend
    participant GitHub as GitHub OAuth API
    participant Database as Database

    User->>Frontend: Clicks "Sign In"
    Frontend->>Frontend: Constructs OAuth URL with client_id
    Frontend->>GitHub: Redirects to GitHub authorization page
    GitHub->>User: Shows OAuth consent screen
    User->>GitHub: Authorizes application
    GitHub->>Frontend: Redirects back with authorization code
    Frontend->>Backend: POST /api/auth/github with code
    Backend->>GitHub: Exchanges code for access token
    GitHub->>Backend: Returns access token
    Backend->>GitHub: Fetches user info (email, profile)
    GitHub->>Backend: Returns user details
    Backend->>Database: Sync/create user record
    Database->>Backend: User saved
    Backend->>Backend: Generates JWT token
    Backend->>Frontend: Returns JWT (HTTP-only cookie) + user info
    Frontend->>Frontend: Stores user state, clears auth UI
    Frontend->>User: Displays authenticated header with profile
sequenceDiagram
    participant Component as Frontend Component
    participant APIClient as API Client (api.ts)
    participant Backend as Backend API
    participant Database as Database

    Component->>Component: useEffect triggered on mount
    Component->>APIClient: Calls getLeaderboard() or getUserProfile()
    APIClient->>Backend: GET /api/users/leaderboard or /api/users/{username}
    Backend->>Database: Query users with EF
    Database->>Backend: Returns user records
    Backend->>APIClient: Returns ApiResponse<User[]> or ApiResponse<User>
    APIClient->>Component: Promise resolves with data/error
    Component->>Component: Updates state (users, profile, loading, error)
    Component->>Component: Conditional rendering (loading spinner, error msg, or data)
    Component->>User: Renders live leaderboard or profile

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • PR #18: Builds on the backend scaffold by modifying Backend.csproj and appsettings.json in the same project, and extends the controller structure with new OAuth endpoints.
  • PR #22: Directly related at the code level through modifications to AuthController and UsersController for GitHub OAuth login handling and user profile route signature changes.

Suggested labels

feature

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 38.46% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Title check | ⚠️ Warning | The PR title 'fix(auth): correct OAuth token refresh' does not align with the actual changes. The PR implements comprehensive OAuth integration, replaces mock data with real backend data across multiple components, adds API endpoints, and includes significant documentation—far beyond just correcting token refresh. | Update the title to reflect the primary change, such as 'feat: complete frontend-backend integration with GitHub OAuth' or 'feat: implement end-to-end OAuth and replace mock data with real APIs'. |

✅ Passed checks (1 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

github-actions bot added the documentation (Improvements or additions to documentation) and configuration (Configuration file changes) labels Apr 3, 2026
naheel0 changed the title from "Oauth integration fixes" to "fix(auth): correct OAuth token refresh" Apr 3, 2026
…ort, function or class'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
github-actions bot added the bug (Something isn't working) label Apr 3, 2026
…ort, function or class'

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
naheel0 merged commit a5c3027 into main Apr 3, 2026
11 checks passed
naheel0 deleted the oauth-integration-fixes branch April 3, 2026 05:34