Skip to content

Gh 148 onconnectionchange oauth fix#149

Merged
jakeprins merged 7 commits into
mainfrom
gh-148-onconnectionchange-oauth-fix
Jul 1, 2026
Merged

Gh 148 onconnectionchange oauth fix#149
jakeprins merged 7 commits into
mainfrom
gh-148-onconnectionchange-oauth-fix

Conversation

@jakeprins

Copy link
Copy Markdown
Contributor

No description provided.

jakeprins and others added 6 commits July 1, 2026 10:26
…ker handling

Design/root-cause analysis for GH-148. Two defects:
- Post-OAuth onConnectionChange (callable) is emitted from AuthorizeButton,
  which unmounts the moment the connection becomes callable, cancelling the
  emit. Fix: emit from the stable ConnectionsProvider on the transition into
  callable, deduped; remove the fragile AuthorizeButton emits.
- autoStartAuthorization calls window.open with no user gesture; a blocked
  popup leaves the button stuck loading. Fix: detect null handle, toast +
  reset so a manual click (a real gesture) can retry.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
Move the post-OAuth "now usable" emission out of AuthorizeButton (which
unmounts the moment a connection becomes callable, cancelling the emit)
into ConnectionsProvider, which never unmounts on the view switch. Emit
once per transition into `callable`, deduped via a ref against
updateConnection. Remove the now-redundant AuthorizeButton emits + prop.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
autoStartAuthorization (and any authorize/re-authorize) opens the OAuth
window via window.open; a popup blocker returns null and left the button
stuck in its loading state forever. Detect the null handle, show a toast,
and reset state so a manual click (a real user gesture) can retry. Adds
"Popup blocked" copy to all 5 locales.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
Addresses the two confirmed bugs from the code review of the callable-emit
change:

1. Missed emit on reconnect: the set-only lastEmittedRef never reset when a
   connection left `callable`, so callable -> invalid -> callable (a revoked
   token that is re-authorized) emitted nothing. Detect the transition from
   prevConnection.state instead of a persistent flag, so a re-entry emits.
2. Double emit on re-authorize: connectionActions.handleRedirect emitted
   inline AND the provider effect fired for an authorized -> callable re-auth.

Replace the fragile ref with a disjoint-responsibility model: the provider
effect owns "entry into callable"; updateConnection and handleRedirect emit
everything EXCEPT an entry into callable. No shared dedup ref, race-free.

Regression tests: callable->invalid->callable emits once; authorized->callable
re-auth emits once (isolated SWR cache); clear SWR cache between tests.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
…low-up)

The disjoint-emit model had one hole found in review: in multi-connection
list mode, clicking an `available` connection that the backend enables
straight to `callable` emitted nothing. updateConnection based its skip on
`selectedConnection?.state` (the useState var — null/stub when nothing is
selected), so it read `undefined` and skipped, while the provider effect
also couldn't fire (no prior non-callable render for an unselected
connection).

Base the skip on the merged `connection` (the actually-loaded connection)
instead: only skip when the connection was already selected at a
non-callable state — exactly when the effect will cover the transition.

Regression test: enabling an unselected connection straight to callable
emits onConnectionChange exactly once.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

size-limit report 📦

Path Size
dist/react-vault.cjs.production.min.js 292.37 KB (+0.03% 🔺)
dist/react-vault.esm.js 260.95 KB (+0.05% 🔺)

The blocked-popup toast was misleading: with autoStartAuthorization the
popup is blocked because window.open runs without a user gesture — the user
doesn't need to change any browser setting, they just click the button
(a gesture), which opens it. No customer asked for an "allow pop-ups"
prompt. Keep the load-bearing fix (reset loading state so the button is
clickable again) and remove the toast + its now-dead i18n strings.

Ref #148

Co-Authored-By: Claude <noreply@anthropic.com>
@jakeprins
jakeprins merged commit fdcd30c into main Jul 1, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant