Skip to content

fix: oauth sync#1710

Merged
nikhilsinhaparseable merged 1 commit into
parseablehq:mainfrom
nikhilsinhaparseable:oidc-sync
Jun 30, 2026
Merged

fix: oauth sync#1710
nikhilsinhaparseable merged 1 commit into
parseablehq:mainfrom
nikhilsinhaparseable:oidc-sync

Conversation

@nikhilsinhaparseable

@nikhilsinhaparseable nikhilsinhaparseable commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

current: user signs up using oauth, all queries fail with error - session expired or no longer valid
reason: user is not synced with other nodes in the cluster

fix: sync user+roles with all live nodes

Summary by CodeRabbit

  • Bug Fixes
    • Improved sign-in behavior so newly created or updated users are more consistently synchronized across the cluster in non-multi-tenant setups.
    • If the background sync fails, login still completes normally and the issue is logged for later review.

current: user signs up using oauth, all queries fail with error -
session expired or no longer valid
reason: user is not synced with other nodes in the cluster

fix: sync user+roles with all live nodes
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

In src/handlers/http/oidc.rs, the reply_login handler now imports and conditionally calls sync_user_creation after creating or updating an OIDC user. The sync is skipped in multi-tenant mode; errors are logged and swallowed.

Changes

OIDC Login Cluster Sync

Layer / File(s) Summary
sync_user_creation import and post-login call
src/handlers/http/oidc.rs
Adds cluster::sync_user_creation to imports and, when is_multi_tenant() is false, calls it with the request, user, roles, tenant id, and admin username after login; errors are logged and ignored.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

A rabbit hops through login's gate,
Syncing users — never late!
Multi-tenant? Skip the sync,
Otherwise, just log and wink.
Errors fade like morning dew 🐇✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and matches the OAuth cluster sync fix described in the changeset.
Description check ✅ Passed The description states the problem, cause, and fix, but it omits the template headings, issue reference, and checklist items.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/handlers/http/oidc.rs`:
- Around line 243-253: The OIDC login flow in the `Users.new_session` path
should not continue issuing a session when cluster user sync fails or only logs
non-2xx responses. Update `sync_user_creation` to return an error whenever any
node response is non-2xx, and make the caller in `oidc.rs` fail closed by
propagating that error instead of just tracing and proceeding. Use the
`sync_user_creation` and `Users.new_session` flow to ensure cookies are only
issued after all required cluster sync work succeeds.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 5ee8691f-8a28-4df9-b197-5010b72f1e69

📥 Commits

Reviewing files that changed from the base of the PR and between f872abb and c10cc93.

📒 Files selected for processing (1)
  • src/handlers/http/oidc.rs

Comment thread src/handlers/http/oidc.rs
@nikhilsinhaparseable nikhilsinhaparseable merged commit 3220c1b into parseablehq:main Jun 30, 2026
12 checks passed
@nikhilsinhaparseable nikhilsinhaparseable deleted the oidc-sync branch June 30, 2026 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants