Skip to content

fix(auth): propagate secure token request failures #1142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Shreyas2004wagh wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

fix(auth): propagate secure token request failures #1142

Shreyas2004wagh wants to merge 2 commits into from
+3 −2

Conversation

@Shreyas2004wagh
Copy link

@Shreyas2004wagh Shreyas2004wagh commented Feb 9, 2026

Fix secure token error propagation in auth helpers

Acceptance Criteria fulfillment

  • tokenRequestHandler no longer swallows request failures.
  • Secure token save/delete helpers now await and propagate failures.
  • Build passes for impacted packages (@embeddedchat/auth, @embeddedchat/react).

Fixes #1141

Video/Screenshots

N/A (logic-only change)

PR Test Details

  • yarn lerna run build --scope @embeddedchat/auth --scope @embeddedchat/react
  • Confirmed tokenRequestHandler rethrows in catch
  • Confirmed secure token save/delete paths await and propagate failures

Copilot AI review requested due to automatic review settings February 9, 2026 05:39
Copilot AI reviewed Feb 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes secure-auth token flows so request failures properly reject instead of being silently swallowed, improving error handling across @embeddedchat/auth and the React wrapper that wires token storage into the auth stack.

Changes:

  • Rethrow errors in tokenRequestHandler after logging so callers can handle real request failures.
  • Make secure token save/delete helpers return the handleSecureLogin promise so failures propagate to callers.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
packages/react/src/lib/auth.js Ensures secure save/delete token helpers return a promise so errors can propagate up the auth flow.
packages/auth/src/utils/tokenRequestHandler.ts Rethrows caught errors so secure token HTTP failures are not converted into implicit undefined success.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/react/src/lib/auth.js
Comment on lines 20 to 22
async function saveTokenSecure(token) {
this.handleSecureLogin('save', token);
return await this.handleSecureLogin('save', token);
}
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

return await is redundant here and will likely violate Airbnb ESLint's no-return-await rule. Since this function is already async, you can return the promise from handleSecureLogin directly to propagate rejections while avoiding the lint error.

Copilot uses AI. Check for mistakes.
packages/react/src/lib/auth.js
Comment on lines 29 to 31
async function deleteTokenSecure() {
this.handleSecureLogin('delete');
return await this.handleSecureLogin('delete');
}
Copy link

Copilot AI Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above: return await is redundant and may trigger the Airbnb ESLint no-return-await rule. Return the handleSecureLogin promise directly so errors still propagate without introducing a lint failure.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Secure token request helper swallows API errors and hides auth/cookie failures

1 participant

@Shreyas2004wagh