Skip to content

feat: add token refresh lifecycle callbacks to CalProvider#25203

Merged
Ryukemeister merged 3 commits intomainfrom
devin/1763368402-add-token-refresh-callbacks
Jan 27, 2026
Merged

feat: add token refresh lifecycle callbacks to CalProvider#25203
Ryukemeister merged 3 commits intomainfrom
devin/1763368402-add-token-refresh-callbacks

Conversation

@ThyMinimalDev
Copy link
Contributor

What does this PR do?

Adds three new optional callback props to CalProvider that enable users to react during the OAuth access token refresh lifecycle:

  • onTokenRefreshStart: Called when token refresh begins
  • onTokenRefreshSuccess: Called when token refresh succeeds
  • onTokenRefreshError: Called when token refresh fails (receives error message as parameter)

These callbacks are invoked in both token refresh locations:

  1. Response interceptor (when API returns 498 status)
  2. Initial access token validation (498 or 401 status)

The callbacks are properly threaded through the component hierarchy: CalProviderBaseCalProvideruseOAuthFlow hook.

Related:

Visual Demo

N/A - This is a programmatic API change with no visual component.

Mandatory Tasks

  • I have self-reviewed the code
  • I have updated the developer docs in /docs if this PR makes changes that would require a documentation change. N/A - This adds optional callbacks to an existing API; existing usage patterns remain unchanged.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works. ⚠️ No tests added - This PR adds new optional callbacks but does not include automated tests. Manual testing would be required to verify the callbacks fire at the correct times.

How should this be tested?

Manual testing approach:

  1. Set up a CalProvider with the new callbacks:
<CalProvider
  clientId="your-client-id"
  accessToken="your-access-token"
  options={{ apiUrl: "...", refreshUrl: "..." }}
  onTokenRefreshStart={() => console.log("Token refresh started")}
  onTokenRefreshSuccess={() => console.log("Token refresh succeeded")}
  onTokenRefreshError={(error) => console.error("Token refresh failed:", error)}
>
  {/* your app */}
</CalProvider>
  1. Trigger a token refresh by:

    • Waiting for an access token to expire (498 response)
    • Making an API call with an invalid token
  2. Verify the callbacks are invoked in the correct order:

    • onTokenRefreshStart should fire first
    • Either onTokenRefreshSuccess or onTokenRefreshError should fire after
    • Existing onSuccess/onError callbacks should still work

Expected behavior:

  • Callbacks should fire during token refresh without breaking existing functionality
  • Apps not using these callbacks should continue to work unchanged
  • Error messages should be descriptive ("Invalid Refresh Token.")

Important Review Points

⚠️ Please pay special attention to:

  1. Removed try-catch block (line 75-97 in useOAuthFlow.ts): I removed an empty try-catch block that wrapped the http.get() call. Since errors are already handled in the .catch() method, this should be safe, but please verify there are no edge cases where synchronous errors could occur.

  2. Removed eslint-disable comment (line 2 in useOAuthFlow.ts): The // eslint-disable-next-line no-restricted-imports comment for lodash was accidentally removed. This may need to be restored if it causes linting issues.

  3. No automated tests: This PR does not include tests for the new callbacks. Consider whether integration tests should be added before merging.

  4. Dependency arrays: The new callbacks are added to useEffect dependency arrays. If consumers pass unstable callback references (not memoized), this could cause unnecessary re-renders.

Checklist

  • I have read the contributing guide
  • My code follows the style guidelines of this project
  • I have commented my code in JSDoc format for the new props
  • I have checked that my changes generate no new linting errors (667 warnings exist but are pre-existing)

Add three new optional callbacks to CalProvider that enable users to react during the access token refresh lifecycle:
- onTokenRefreshStart: Called when token refresh begins
- onTokenRefreshSuccess: Called when token refresh succeeds
- onTokenRefreshError: Called when token refresh fails with error message

These callbacks are invoked in both token refresh locations:
1. Response interceptor (when API returns 498 status)
2. Initial access token validation

The callbacks are properly passed through the component hierarchy:
CalProvider -> BaseCalProvider -> useOAuthFlow hook

Co-Authored-By: morgan@cal.com <morgan@cal.com>
@devin-ai-integration
Copy link
Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR that start with 'DevinAI' or '@devin'.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@keithwillcode keithwillcode added core area: core, team members only foundation platform Anything related to our platform plan labels Nov 17, 2025
@github-actions
Copy link
Contributor

This PR has been marked as stale due to inactivity. If you're still working on it or need any help, please let us know or update the PR to keep it active.

@github-actions github-actions bot added the Stale label Nov 25, 2025
@github-actions
Copy link
Contributor

This PR has been closed due to inactivity. Please feel free to reopen it if you'd like to continue the work.

@github-actions github-actions bot closed this Dec 22, 2025
@ThyMinimalDev ThyMinimalDev reopened this Jan 22, 2026
@ThyMinimalDev ThyMinimalDev marked this pull request as ready for review January 22, 2026 12:18
@ThyMinimalDev ThyMinimalDev requested review from a team as code owners January 22, 2026 12:18
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@Ryukemeister Ryukemeister merged commit bf39489 into main Jan 27, 2026
50 checks passed
@Ryukemeister Ryukemeister deleted the devin/1763368402-add-token-refresh-callbacks branch January 27, 2026 09:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

core area: core, team members only foundation platform Anything related to our platform plan ready-for-e2e size/M Stale

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants