Skip to content

chore: bump @friggframework/* deps to 2.0.0-next.82#96

Merged
d-klotz merged 1 commit into
mainfrom
chore/bump-frigg-next-82
May 5, 2026
Merged

chore: bump @friggframework/* deps to 2.0.0-next.82#96
d-klotz merged 1 commit into
mainfrom
chore/bump-frigg-next-82

Conversation

@d-klotz
Copy link
Copy Markdown
Contributor

@d-klotz d-klotz commented May 5, 2026

Summary

Bump @friggframework/* deps from 2.0.0-next.812.0.0-next.82. Pulls in Frigg PR #582 (fix(core): explicitly persist tokens on OAuth2 re-auth).

Why

Diagnosed against Pipedrive in prod (user 10, integrations 12378 + 12379, both currently ERROR):

  • User reinstalls the integration → OAuth callback runs against Pipedrive → Pipedrive issues fresh access + refresh tokens (and retires the old refresh_token).
  • Frigg's ProcessAuthorizationCallback runs getToken but the DLGT_TOKEN_UPDATE notification chain that's supposed to persist the new tokens silently no-ops in prod. The user-visible /api/authorize returns success.
  • The DB still holds the 3-month-old tokens, which Pipedrive has now invalidated.
  • Downstream webhook setup then 401s, integration flips to ERROR. User has no clear signal of what went wrong.

Confirmed by decrypting credential 936: both the access_token (401 invalid) and the now-stale refresh_token (invalid_grant) come from Feb 5, never replaced today despite two reinstalls.

What's in next.82

  • Bootstraps the Module with the existing entity on re-auth so the API requester can use prior tokens as a fallback (replaces a long-standing // todo left as entity = null).
  • Belt-and-suspenders explicit upsertCredential after getToken on the OAuth2 path. The notification chain stays in place; the explicit call ensures persistence even when the chain doesn't fire.
  • Diagnostic logging at POST /api/authorize entry, after getToken, after persistence, and after restore — so future re-auth bugs surface in CloudWatch instead of running silently.
  • restoreIntegrationsForEntity continues to flip linked ERROR/DISABLED integrations back to ENABLED on successful re-auth (existing behavior).

Test plan

  • npm install resolves cleanly with the new versions
  • Deploy to dev; have a user re-install Pipedrive; confirm CloudWatch shows the new [Frigg] processAuthorizationCallback ... log lines
  • Verify the credential's updatedAt matches the OAuth callback time (not a later auth-flip)
  • Re-auth on integration 12379 in prod; expect status to flip back to ENABLED and sync to resume

🤖 Generated with Claude Code

@d-klotz @claude
chore: bump @friggframework/* deps to 2.0.0-next.82
b5ec95e 
Pulls in Frigg PR #582 (fix(core): explicitly persist tokens on OAuth2
re-auth) — fixes the silent token-persistence bug in
ProcessAuthorizationCallback that left re-authenticated entities with
stale OAuth tokens (diagnosed against Pipedrive integrations 12378 and
12379 in prod).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@d-klotz d-klotz merged commit af58200 into main May 5, 2026
3 checks passed
@d-klotz d-klotz deleted the chore/bump-frigg-next-82 branch May 5, 2026 16:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@d-klotz