fix: update OAuth parameters for improved consent handling and token …#1149
Open
ricofurtado wants to merge 2 commits intomainfrom
Open
fix: update OAuth parameters for improved consent handling and token …#1149ricofurtado wants to merge 2 commits intomainfrom
ricofurtado wants to merge 2 commits intomainfrom
Conversation
github-actions
bot
added
frontend
github-actions
bot
added
bug
Contributor
There was a problem hiding this comment.
Pull request overview
Updates OAuth token persistence and authorization parameters to improve Google consent handling, ensure refresh token availability, and fix token expiry interpretation.
Changes:
- Preserve an existing
refresh_tokenwhen the token callback omits it; storeid_tokenwhen returned. - Save callback
expiryin UTC and normalize Google tokenexpiryparsing to naive UTC forgoogle-authcompatibility. - Update frontend OAuth authorization URL parameters to request offline access more consistently.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/services/auth_service.py | Preserves refresh tokens across re-consent, stores id_token, and writes expiry as UTC. |
| src/connectors/google_drive/oauth.py | Normalizes stored expiry to naive UTC when loading Google credentials. |
| frontend/contexts/auth-context.tsx | Adjusts Google login authorization URL parameters (include_granted_scopes, prompt). |
| frontend/app/api/mutations/useConnectConnectorMutation.ts | Adjusts connector connect authorization URL parameters (currently applied to all connectors). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
56
to
+65
| if token_data.get("expiry"): | ||
| from datetime import datetime | ||
|
|
||
| expiry_dt = datetime.fromisoformat(token_data["expiry"]) | ||
| # Remove timezone info to make it naive (Google auth expects naive datetimes) | ||
| self.creds.expiry = expiry_dt.replace(tzinfo=None) | ||
| if expiry_dt.tzinfo is None: | ||
| local_tz = datetime.now().astimezone().tzinfo | ||
| expiry_dt = expiry_dt.replace(tzinfo=local_tz) | ||
|
|
||
| # google-auth compares against a naive UTC timestamp internally. | ||
| self.creds.expiry = ( | ||
| expiry_dt.astimezone(timezone.utc).replace(tzinfo=None) | ||
| ) |
Comment on lines
79
to
82
| `access_type=offline&` + | ||
| `prompt=select_account&` + | ||
| `include_granted_scopes=true&` + | ||
| `prompt=consent&` + | ||
| `state=${result.connection_id}`; |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
github-actions
bot
added
bug
edwinjosechittilappilly
requested changes
Mar 13, 2026
Collaborator
edwinjosechittilappilly
left a comment
edwinjosechittilappilly
left a comment
There was a problem hiding this comment.
Rico lets test this once you are free after reverting the changes in a headers changes in auth context and useConnect...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Root cause was in auth state, not the upload page UI.
Google connection was being marked unauthenticated because token expiry was interpreted incorrectly (timezone-naive handling), so authenticate() returned False.
The current Google token file also has no refresh_token, so once access token expires it cannot auto-refresh.
I patched this end-to-end:
-Normalized stored OAuth expiry to naive UTC at load time (compatible with google-auth): oauth.py
-Saved callback expiry in UTC and preserve existing refresh_token when provider omits it on re-consent.
-Added Google OAuth params to request offline refresh token consistently (include_granted_scopes=true, prompt=consent) in both login and connector connect flows)
-Made some changes in UI, so Mike needs to validate.