attempt to fix cleanup db

Author: jeremybosma

package.json

@@ -1,6 +1,6 @@
 {
   "name": "integrate-sdk",
-  "version": "0.8.26",
+  "version": "0.8.27",
   "description": "Type-safe 3rd party integration SDK for the Integrate MCP server",
   "type": "module",
   "main": "./dist/index.js",

src/oauth/manager.ts

@@ -687,14 +687,10 @@ export class OAuthManager {
    * and sessionStorage is isolated per tab. localStorage is shared across tabs.
    * Keyed by state parameter for security and retrieval.
    * 
-   * Skipped when using server-side database storage (skipLocalStorage is enabled)
+   * Note: Pending auths are always stored in localStorage regardless of skipLocalStorage,
+   * as they are temporary OAuth state needed for the flow, not permanent token storage.
    */
   private savePendingAuthToStorage(state: string, pendingAuth: PendingAuth): void {
-    // Skip localStorage if using server-side database storage
-    if (this.skipLocalStorage) {
-      return;
-    }
-
     if (typeof window !== 'undefined' && window.localStorage) {
       try {
         const key = `integrate_oauth_pending_${state}`;
@@ -709,14 +705,10 @@ export class OAuthManager {
    * Load pending auth from localStorage (after redirect)
    * Returns undefined if not found or invalid
    * 
-   * Skipped when using server-side database storage (skipLocalStorage is enabled)
+   * Note: Pending auths are always loaded from localStorage regardless of skipLocalStorage,
+   * as they are temporary OAuth state needed for the flow, not permanent token storage.
    */
   private loadPendingAuthFromStorage(state: string): PendingAuth | undefined {
-    // Skip localStorage if using server-side database storage
-    if (this.skipLocalStorage) {
-      return undefined;
-    }
-
     if (typeof window !== 'undefined' && window.localStorage) {
       try {
         const key = `integrate_oauth_pending_${state}`;
@@ -734,14 +726,10 @@ export class OAuthManager {
   /**
    * Remove pending auth from localStorage
    * 
-   * Skipped when using server-side database storage (skipLocalStorage is enabled)
+   * Note: Pending auths are always removed from localStorage regardless of skipLocalStorage,
+   * as they are temporary OAuth state that should be cleaned up after the flow completes.
    */
   private removePendingAuthFromStorage(state: string): void {
-    // Skip localStorage if using server-side database storage
-    if (this.skipLocalStorage) {
-      return;
-    }
-
     if (typeof window !== 'undefined' && window.localStorage) {
       try {
         const key = `integrate_oauth_pending_${state}`;
@@ -756,14 +744,10 @@ export class OAuthManager {
    * Clean up expired pending auth entries from localStorage
    * Removes any entries older than 5 minutes
    * 
-   * Skipped when using server-side database storage (skipLocalStorage is enabled)
+   * Note: Pending auths are always cleaned up from localStorage regardless of skipLocalStorage,
+   * as they are temporary OAuth state that should be removed when expired.
    */
   private cleanupExpiredPendingAuths(): void {
-    // Skip localStorage if using server-side database storage
-    if (this.skipLocalStorage) {
-      return;
-    }
-
     if (typeof window !== 'undefined' && window.localStorage) {
       try {
         const prefix = 'integrate_oauth_pending_';

tests/oauth/automatic-skip-localstorage.test.ts

@@ -311,7 +311,7 @@ describe("Automatic skipLocalStorage Detection", () => {
   describe("Combined scenarios", () => {
     test("client-side: tokens persist in localStorage across page reloads", async () => {
       const manager1 = new OAuthManager("/api/integrate/oauth");
-      
+
       const tokenData: ProviderTokenData = {
         accessToken: "persistent-token",
         tokenType: "Bearer",
@@ -414,7 +414,7 @@ describe("Automatic skipLocalStorage Detection", () => {
 
       // Should call removeProviderToken callback
       expect(removeTokenMock).toHaveBeenCalledWith("github", undefined);
-      
+
       // Should be removed from database
       expect(dbTokens["github"]).toBeUndefined();
 
@@ -492,6 +492,57 @@ describe("Automatic skipLocalStorage Detection", () => {
       const allTokens = manager.getAllProviderTokens();
       expect(allTokens.get("github")).toEqual(newToken);
     });
+
+    test("pending auths are always cleaned up even with database callbacks", async () => {
+      const setTokenMock = mock(async (provider: string, tokenData: ProviderTokenData) => {
+        // Simulate database save
+      });
+
+      const manager = new OAuthManager(
+        "/api/integrate/oauth",
+        undefined,
+        undefined,
+        {
+          setProviderToken: setTokenMock,
+        }
+      );
+
+      // Simulate OAuth flow: create pending auth
+      const state = "test-state-123";
+      const pendingAuth = {
+        provider: "github",
+        state,
+        codeVerifier: "verifier",
+        codeChallenge: "challenge",
+        redirectUri: "http://localhost/callback",
+        returnUrl: undefined,
+        initiatedAt: Date.now(),
+      };
+
+      // Save pending auth to memory and localStorage (simulating initiateFlow)
+      (manager as any).pendingAuths.set(state, pendingAuth);
+      const pendingKey = `integrate_oauth_pending_${state}`;
+      mockLocalStorage.set(pendingKey, JSON.stringify(pendingAuth));
+      expect(mockLocalStorage.has(pendingKey)).toBe(true);
+
+      // Simulate callback completion with token (backend redirect flow)
+      const tokenData: ProviderTokenData = {
+        accessToken: "db-token",
+        tokenType: "Bearer",
+        expiresIn: 3600,
+      };
+
+      await manager.handleCallbackWithToken("code", state, { ...tokenData, provider: "github" });
+
+      // Pending auth should be removed from localStorage even though we're using database for tokens
+      expect(mockLocalStorage.has(pendingKey)).toBe(false);
+
+      // Token should NOT be in localStorage (goes to database instead)
+      expect(mockLocalStorage.has("integrate_token_github")).toBe(false);
+
+      // But token should be saved via callback
+      expect(setTokenMock).toHaveBeenCalledWith("github", tokenData, undefined);
+    });
   });
 });