Skip to content

[SOU-123] Fix GitLab token refresh with redirect_uri parameter#798

Merged
msukkari merged 3 commits intomainfrom
msukkari/fix-gitlab-token-refresh-2rf1y1
Jan 28, 2026
Merged

[SOU-123] Fix GitLab token refresh with redirect_uri parameter#798
msukkari merged 3 commits intomainfrom
msukkari/fix-gitlab-token-refresh-2rf1y1

Conversation

@msukkari
Copy link
Contributor

@msukkari msukkari commented Jan 27, 2026
edited by coderabbitai bot
Loading

Description

Fixes GitLab OAuth token refresh failures caused by missing redirect_uri parameter. GitLab's OAuth implementation requires the redirect_uri parameter to be included in token refresh requests and must match the original authorization request URI.

Changes

  • Modified tokenRefresh.ts: Added support for including the redirect_uri parameter in GitLab token refresh requests

    • Refactored request body construction to handle provider-specific parameters
    • Uses URL constructor to normalize the redirect URI and handle trailing slashes correctly
    • Added clarifying comments explaining GitLab's OAuth requirements

  • Added docker-compose-niteshift.yml: Development configuration for local testing with Redis and PostgreSQL services

Technical Details

The error invalid_grant occurs because GitLab validates that the redirect_uri parameter in the refresh request matches the original authorization request. Previously, this parameter was omitted from the refresh token request, causing validation to fail.

The fix:

  1. Constructs the redirect URI using the URL constructor to ensure proper formatting
  2. Adds the redirect URI to the request body only for GitLab provider
  3. Maintains backward compatibility for other OAuth providers

Related Issues

View Niteshift Task

Summary by CodeRabbit

  • Bug Fixes
    • Fixed GitLab OAuth token refresh failures by ensuring the required redirect_uri parameter is properly included in token refresh requests.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 27, 2026
edited
Loading

Walkthrough

This pull request fixes GitLab OAuth token refresh failures by refactoring the token refresh request to include a conditionally-added redirect_uri parameter when the provider is GitLab, using a dedicated bodyParams object and URL normalization for trailing slashes.

Changes

Cohort / File(s) Summary
OAuth Token Refresh Fix
packages/web/src/ee/features/permissionSyncing/tokenRefresh.ts		 Refactored token request body construction from inline URLSearchParams to a dedicated bodyParams object. Added conditional redirect_uri parameter for GitLab provider using URL normalization to handle trailing slashes. Request body now uses URLSearchParams(bodyParams) instead of literal construction.
Documentation
CHANGELOG.md		 Added changelog entry documenting the fix for GitLab OAuth token refresh failures by including the required redirect_uri parameter.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and specifically describes the main change: fixing GitLab token refresh by adding the redirect_uri parameter.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@msukkari msukkari marked this pull request as ready for review January 27, 2026 22:47
@github-actions

This comment has been minimized.

Sign in to view
coderabbitai[bot]
coderabbitai bot reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Fix all issues with AI agents 
In `@packages/web/src/ee/features/permissionSyncing/tokenRefresh.ts`:
- Around line 122-143: The GitLab redirect_uri is built via string concatenation
in tokenRefresh.ts (bodyParams and provider) and will produce double slashes if
env.AUTH_URL has a trailing slash; change the assignment so when provider ===
'gitlab' you set bodyParams.redirect_uri by normalizing with the URL constructor
(e.g., construct the callback path against env.AUTH_URL to produce a canonical
URL) instead of string concatenation, ensuring the final redirect_uri exactly
matches the original authorization request format.
🧹 Nitpick comments (1)
docker-compose-niteshift.yml (1)

9-23: Prefer named volumes (or configurable paths) for portability.

Line 10 and Line 23 hard-code /root/... which will fail for non-root users and on macOS/Windows. Named volumes keep local dev friction low and avoid path permissions issues.

♻️ Suggested refactor 
 services:
   redis:
@@
-    volumes:
-      - /root/.niteshift/data/redis:/data
+    volumes:
+      - redis_data:/data
@@
   postgres:
@@
-    volumes:
-      - /root/.niteshift/data/postgres:/var/lib/postgresql/data
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
@@
+volumes:
+  redis_data:
+  postgres_data:

@msukkari msukkari changed the title [SOU-123] Fix GitLab token refresh with redirect_uri validation [SOU-123] Fix GitLab token refresh with redirect_uri parameter Jan 27, 2026
@cursoragent @msukkari
chore: remove docker-compose-niteshift.yml and add changelog entry fo…
8487b75 
…r GitLab token refresh fix

Co-authored-by: michael <michael@sourcebot.dev>
@msukkari msukkari merged commit f1b4361 into main Jan 28, 2026
9 checks passed
@github-actions github-actions bot mentioned this pull request Jan 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@msukkari @cursoragent