
GitHub login proceeds after token persistence failure, creating partially authenticated accounts #489

@Ridanshi

Description

Summary

The GitHub authentication flow can continue successfully even when GitHub token persistence fails.

This results in accounts that appear connected while lacking the token required for GitHub integrations.

Affected Files

  • auth.ts
  • connect.ts

Root Cause

Authentication success is not tightly coupled to token persistence success.

When token storage fails, the login flow may continue and create a valid session despite the integration being incomplete.

Reproduction

  1. Simulate a token persistence failure.
  2. Complete GitHub authentication.
  3. Observe successful login.
  4. Attempt GitHub integration features.
  5. Observe missing token-related failures.

Expected Behavior

Authentication should either complete fully or fail safely.

Actual Behavior

Users can become authenticated while integration state remains incomplete.

Why This Is Difficult To Detect

Authentication succeeds normally.

The issue only becomes visible later when integration features require the missing token.

Production Impact

  • Broken GitHub integrations
  • Inconsistent account state
  • Support burden
  • User confusion

Suggested Fix

Ensure token persistence and authentication success are handled atomically.

Severity

High
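
A sketch of the suggested fix, added here as an illustration and not taken from the project's code: the lenient login pattern the issue describes beside a fail-closed variant, plus an audit check for accounts already left in the partial state. All type, class and function names are hypothetical, and the stores are synchronous in-memory stand-ins.

```typescript
// Added example: every name here is hypothetical, not taken from auth.ts or connect.ts.
type Session = { userId: string; githubConnected: boolean };

// In-memory stand-ins for the real stores (synchronous to keep the example short).
class TokenStore {
  tokens: Record<string, string> = {};
  failWrites = false; // set to true to simulate a token persistence failure
  save(userId: string, token: string): void {
    if (this.failWrites) throw new Error("token store unavailable");
    this.tokens[userId] = token;
  }
  remove(userId: string): void { delete this.tokens[userId]; }
  has(userId: string): boolean {
    return Object.prototype.hasOwnProperty.call(this.tokens, userId);
  }
}

class SessionStore {
  sessions: Record<string, Session> = {};
  create(userId: string): Session {
    const session: Session = { userId, githubConnected: true };
    this.sessions[userId] = session;
    return session;
  }
}

// Pattern the issue describes: the persistence error is swallowed and login proceeds.
function loginLenient(userId: string, token: string, tokens: TokenStore, sessions: SessionStore): Session {
  try { tokens.save(userId, token); } catch { /* failure ignored */ }
  return sessions.create(userId);
}

// Fail-closed variant: no session without a stored token, and no orphaned token
// if session creation fails afterwards.
function loginAtomic(userId: string, token: string, tokens: TokenStore, sessions: SessionStore): Session | null {
  try { tokens.save(userId, token); } catch { return null; } // login fails, nothing created
  try {
    return sessions.create(userId);
  } catch (err) {
    tokens.remove(userId); // roll back so both stores stay consistent
    throw err;
  }
}

// Audit check: accounts marked connected that have no stored token.
function findPartialAccounts(tokens: TokenStore, sessions: SessionStore): string[] {
  return Object.keys(sessions.sessions)
    .filter((id) => sessions.sessions[id].githubConnected && !tokens.has(id));
}
```

Running `findPartialAccounts` against production data is one way to size the set of accounts that already logged in without a stored token.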
