[codex] Fix Google Calendar auth recovery#8968
Conversation
There was a problem hiding this comment.
1 issue found across 4 files
Confidence score: 4/5
- In
backend/tests/unit/test_google_calendar_auth_recovery.py, the third assertion is brittle because it depends on exact whitespace in a source snippet, so harmless formatting/refactor changes could fail CI and block otherwise valid merges. This is likely non-production risk, but de-risk by rewriting the assertion to validate behavior (or a less formatting-sensitive pattern) before merging.
Reply with feedback, questions, or to request a fix.
Re-trigger cubic
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 05fda48fab
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| updated.pop('access_token', None) | ||
| await run_blocking(db_executor, users_db.set_integration, uid, 'google_calendar', updated) |
There was a problem hiding this comment.
Delete the stale Calendar token on reauth
When invalid_grant or a missing refresh token hits this path, updated.pop('access_token', None) only removes the key from the local payload; users_db.set_integration persists with set(..., merge=True), so omitted fields are left untouched in Firestore. For affected Calendar users, the old access token remains stored even after the integration is marked disconnected/reauth_required, defeating the credential cleanup this branch appears to intend; use a Firestore delete sentinel or a non-merge overwrite for the token field.
Useful? React with 👍 / 👎.
05fda48 to
8a24a1d
Compare
Summary
GOOGLE_CALENDAR_AUTO_LINK_ENABLEDso generic sync/reprocess jobs do not call or mutate Calendar for every connected userreauth_requiredand disconnected when refresh credentials are permanently unusable (missing_refresh_tokenor Googleinvalid_grant)backend-sync, so token refresh config is preserved by runtime-env deploy renderingRoot cause
Calendar auto-linking was running inside generic conversation processing for every non-discarded conversation with timestamps and
google_calendar.connected == true. When access tokens expired,backend-syncand pusher repeatedly attempted refresh;backend-syncwas missing Google OAuth client env, and permanently invalid user credentials stayed marked connected, so future jobs retried indefinitely.Validation
cd backend && pytest -q tests/unit/test_google_calendar_auth_recovery.py tests/unit/test_calendar_linking_helpers_async.py tests/unit/test_calendar_link_async.py tests/unit/test_google_credentials.pycd backend && python scripts/validate-backend-runtime-env.py --env prod && python scripts/validate-backend-runtime-env.py --env devcd backend && python scripts/scan_import_time_side_effects.pycd backend && python scripts/scan_async_blockers.pygit diff --checkcd backend && CLOUD_RUN_VPC_NETWORK=dummy-net CLOUD_RUN_VPC_SUBNET=dummy-subnet OMI_LLM_GATEWAY_URL=http://dummy python scripts/render-backend-runtime-env.py --env prod | rg -n 'backend_sync_secrets|GOOGLE_CLIENT|backend_secrets|backend_integration_secrets'\n\nCloses Investigate Google Calendar OAuth 401s causing sync failures #8965