fix(settings): surface OAuth client-info fetch failures as discrete errors#20457
Open
vpomerleau wants to merge 1 commit intomainfrom
Open
fix(settings): surface OAuth client-info fetch failures as discrete errors#20457vpomerleau wants to merge 1 commit intomainfrom
vpomerleau wants to merge 1 commit intomainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR aims to prevent “ghost” OAuth integrations when the /v1/oauth/client/:id lookup fails by making the failure explicit on the integration model, surfacing a discrete OAuth error (errno 998) instead of falling into misleading scope-validation errors, and logging the underlying fetch failure to Sentry with a dedicated tag.
Changes:
- Add
clientInfoLoadFailedtoGenericIntegrationand set it duringIntegrationFactory.initClientInfowhen client-info was expected but missing. - Short-circuit
OAuthWebIntegration.getPermissions()to throwSERVICE_UNAVAILABLEwhenclientInfoLoadFailedis set, avoiding the scope-sanitization/Sentry-path. - Capture client-info fetch failures in
useClientInfoStateto Sentry withtags.area = 'useClientInfoState.fetch'and add unit tests for these behaviors.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| packages/fxa-settings/src/models/integrations/integration.ts | Adds clientInfoLoadFailed flag to the base integration model. |
| packages/fxa-settings/src/lib/integrations/integration-factory.ts | Sets clientInfoLoadFailed during integration initialization when clientInfo is missing. |
| packages/fxa-settings/src/models/integrations/oauth-web-integration.ts | Throws SERVICE_UNAVAILABLE early from getPermissions() when client-info fetch failed. |
| packages/fxa-settings/src/models/hooks.ts | Captures /v1/oauth/client/:id fetch errors to Sentry with a dedicated area tag. |
| packages/fxa-settings/src/models/integrations/oauth-web-integration.test.ts | Tests early SERVICE_UNAVAILABLE throw and ensures scope-error isn’t captured to Sentry in that case. |
| packages/fxa-settings/src/models/hooks.test.ts | Adds unit tests for useClientInfoState success + error Sentry capture paths. |
| packages/fxa-settings/src/lib/integrations/integration-factory.test.ts | Adds coverage verifying clientInfoLoadFailed is set/unset as expected. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR makes OAuth client-info fetch failures explicit in fxa-settings integrations, preventing “ghost” clientInfo state from cascading into misleading scope-validation errors and improving Sentry signal for the actual fetch failure.
Changes:
- Add
clientInfoLoadFailedtoGenericIntegrationand propagate it throughuseIntegration→IntegrationFactory. - Short-circuit
OAuthWebIntegration.getPermissions()to throwSERVICE_UNAVAILABLE(errno 998) when client-info lookup failed. - Capture
/v1/oauth/client/:idfetch failures to Sentry inuseClientInfoStatewith a dedicatedareatag, and add unit tests for the new behavior.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| packages/fxa-settings/src/models/integrations/oauth-web-integration.ts | Early error throw in getPermissions() when client-info fetch failed to avoid misleading scope sanitization. |
| packages/fxa-settings/src/models/integrations/oauth-web-integration.test.ts | Adds coverage ensuring SERVICE_UNAVAILABLE is thrown and scope-error Sentry capture does not occur. |
| packages/fxa-settings/src/models/integrations/integration.ts | Introduces clientInfoLoadFailed flag on the base integration model. |
| packages/fxa-settings/src/models/hooks.ts | Propagates fetch-failure state into the factory and captures fetch failures to Sentry with area: useClientInfoState.fetch. |
| packages/fxa-settings/src/models/hooks.test.ts | Adds unit tests for useClientInfoState success, network error, non-OK HTTP response, and missing client_id behavior. |
| packages/fxa-settings/src/lib/integrations/integration-factory.ts | Accepts and applies clientInfoLoadFailed onto created integrations during initClientInfo. |
| packages/fxa-settings/src/lib/integrations/integration-factory.test.ts | Adds coverage that the factory flags (and does not incorrectly flag) clientInfoLoadFailed. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…rrors Because: * A failed /v1/oauth/client/:id fetch silently builds a ghost OAuth integration: scope sanitisation strips every scope and the flow throws errno 109, masking the real cause across ~80k Sentry events (FXA-CONTENT-1HYP, 1GTG, related). * Regression from FXA-12995: the REST replacement for Apollo's useQuery dropped the error signal that useIntegration relied on. This commit: * Adds clientInfoLoadFailed on GenericIntegration, set when client_id was present but clientInfo is undefined. * Short-circuits OAuthWebIntegration.getPermissions to throw SERVICE_UNAVAILABLE (errno 998) when the flag is set; existing OAuthDataError handling keeps user-facing behaviour unchanged. * Captures the fetch error from useClientInfoState under area: 'useClientInfoState.fetch'. * Adds unit coverage for the flag, the early-return, and the Sentry capture. Closes #FXA-13618
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Because
/v1/oauth/client/:idfetch silently builds a ghost OAuth integration: scope sanitization strips every scope and the flow throws errno 109, masking the real cause across Sentry events (FXA-CONTENT-1HYP for example)This pull request
clientInfoLoadFailedonGenericIntegration, set whenclient_idwas present butclientInfois undefined.OAuthWebIntegration.getPermissionsto throwSERVICE_UNAVAILABLE(errno 998) when the flag is set; existing OAuthDataError handling keeps user-facing behaviour unchanged.Issue that this pull request solves
Closes: FXA-13618
Checklist
How to review (Optional)
Screenshots (Optional)
N/A — no UI change. The user-visible behaviour when the client-info fetch fails continues to be `OAuthDataError`, just with an honest errno (998 "System unavailable, try again soon") instead of a misleading errno 109.
Other information (Optional)
Supersedes FXA-13172, FXA-13171, FXA-12759 (all linked from the Jira ticket — those should close once Sentry events stop accruing on post-deploy). Related to FXA-13088 which was previously cancelled but is the same ghost-integration pattern reaching a different validator.
Separate follow-ups (not in this PR):