faral/pokerface
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix OAuth login failure for Atlassian accounts with colons in ID
All checks were successful
Build & Push Container Image / build (push) Successful in 6s
Details

Browse source 
Some Atlassian account IDs use the format '70121:uuid' which contains
a colon — an invalid character in NATS KV keys (mapped to subjects).
Sanitize by replacing colons with underscores in the OAuth KV key.

No migration needed: affected users never had stored entries since
the PUT always failed.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jan Willem Mannaerts 2026-03-03 13:31:35 +01:00
parent f17072116d
commit 5b83dd7ed0
1 changed files with 7 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
backend/src/services/jiraService.js
View file

@ -12,6 +12,10 @@ function getRequiredEnv(name) {
return value; return value;
} }
function oauthKey(accountId) {
return `oauth.${accountId.replaceAll(':', '_')}`;
}
function getExpiresAt(expiresInSeconds) { function getExpiresAt(expiresInSeconds) {
if (!expiresInSeconds) return null; if (!expiresInSeconds) return null;
return Date.now() + (Number(expiresInSeconds) - 60) * 1000; return Date.now() + (Number(expiresInSeconds) - 60) * 1000;
@ -114,7 +118,7 @@ export async function saveOAuthConnection(tokenPayload) {
expiresAt: getExpiresAt(tokenPayload.expires_in) expiresAt: getExpiresAt(tokenPayload.expires_in)
}; };
await kvOAuth.put(`oauth.${profile.accountId}`, JSON.stringify(connection)); await kvOAuth.put(oauthKey(profile.accountId), JSON.stringify(connection));
return { connection, profile }; return { connection, profile };
} }
@ -152,12 +156,12 @@ async function refreshAccessToken(connection) {
expiresAt: getExpiresAt(refreshed.expires_in) expiresAt: getExpiresAt(refreshed.expires_in)
}; };
await kvOAuth.put(`oauth.${connection.jiraAccountId}`, JSON.stringify(updated)); await kvOAuth.put(oauthKey(connection.jiraAccountId), JSON.stringify(updated));
return updated; return updated;
} }
async function getValidConnection(jiraAccountId) { async function getValidConnection(jiraAccountId) {
const entry = await kvOAuth.get(`oauth.${jiraAccountId}`); const entry = await kvOAuth.get(oauthKey(jiraAccountId));
if (!entry) throw new Error('Jira is not connected for this account.'); if (!entry) throw new Error('Jira is not connected for this account.');
const connection = entry.json(); const connection = entry.json();